Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2008-2370 (GCVE-0-2008-2370)
Vulnerability from cvelistv5
Published
2008-08-04 01:00
Modified
2024-08-07 08:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:58:02.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30494",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30494"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10577",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"name": "ADV-2009-1535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"name": "RHSA-2008:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"name": "34013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34013"
},
{
"name": "ADV-2008-2823",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"name": "37460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37460"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "32120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32120"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33999"
},
{
"name": "31865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31865"
},
{
"name": "oval:org.mitre.oval:def:5876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"name": "4099",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4099"
},
{
"name": "FEDORA-2008-8130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"name": "31639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31639"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "MDVSA-2008:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"name": "31379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"name": "ADV-2009-0320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2008:0864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"name": "tomcat-requestdispatcher-info-disclosure(44156)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "35393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35393"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "36249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36249"
},
{
"name": "31891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31891"
},
{
"name": "33797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33797"
},
{
"name": "1020623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020623"
},
{
"name": "FEDORA-2008-7977",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"name": "ADV-2008-2305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"name": "FEDORA-2008-8113",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "31381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31381"
},
{
"name": "HPSBUX02401",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "ADV-2009-2215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "SSRT090005",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "32266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32266"
},
{
"name": "RHSA-2008:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-13T16:09:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "30494",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30494"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10577",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"name": "ADV-2009-1535",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"name": "RHSA-2008:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"name": "34013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34013"
},
{
"name": "ADV-2008-2823",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"name": "37460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37460"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "32120",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32120"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "33999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33999"
},
{
"name": "31865",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31865"
},
{
"name": "oval:org.mitre.oval:def:5876",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"name": "4099",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4099"
},
{
"name": "FEDORA-2008-8130",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"name": "31639",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31639"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "MDVSA-2008:188",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"name": "31379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"name": "ADV-2009-0320",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2008:0864",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"name": "tomcat-requestdispatcher-info-disclosure(44156)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"name": "SUSE-SR:2009:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "35393",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35393"
},
{
"name": "57126",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "36249",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36249"
},
{
"name": "31891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31891"
},
{
"name": "33797",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33797"
},
{
"name": "1020623",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020623"
},
{
"name": "FEDORA-2008-7977",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"name": "ADV-2008-2305",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"name": "FEDORA-2008-8113",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "31381",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31381"
},
{
"name": "HPSBUX02401",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "HPSBST02955",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "ADV-2009-2215",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "ADV-2009-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"name": "ADV-2009-3316",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "SSRT090005",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "32266",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32266"
},
{
"name": "RHSA-2008:0648",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190319 svn commit: r1855831 [22/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20190325 svn commit: r1856174 [20/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200203 svn commit: r1873527 [22/30] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "[tomcat-dev] 20200213 svn commit: r1873980 [25/34] - /tomcat/site/trunk/docs/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-2370",
"datePublished": "2008-08-04T01:00:00",
"dateReserved": "2008-05-21T00:00:00",
"dateUpdated": "2024-08-07T08:58:02.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2008-2370\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2008-08-04T01:41:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.\"},{\"lang\":\"es\",\"value\":\"Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, cuando se utiliza RequestDispatcher, realiza una regularizaci\u00f3n de ruta antes de eliminar la cadena de consulta desde la URI, lo cual permite a atacantes remotos dirigir ataques de salto de directorio y leer archivos arbitrariamente mediante un .. (punto punto) en un parametro request.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E300013-0CE7-4313-A553-74A6A247B3E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E08D7414-8D0C-45D6-8E87-679DF0201D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60CFD9CA-1878-4C74-A9BD-5D581736E6B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02860646-1D72-4D9A-AE2A-5868C8EDB3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE4B9B5-9C2E-47E1-9483-88A17264594F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BE92A9B-4B8C-468E-9162-A56ED5313E17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE21D455-5B38-4B07-8E25-4EE782501EB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C92F3744-C8F9-4E29-BF1A-25E03A32F2C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084B3227-FE22-43E3-AE06-7BB257018690\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D536FF4-7582-4351-ABE3-876E20F8E7FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB43F47F-5BF9-43A0-BF0E-451B4A8F7137\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11DDD82E-5D83-4581-B2F3-F12655BBF817\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A0F0C91-171E-421D-BE86-11567DEFC7BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F22D2621-D305-43CE-B00D-9A7563B061F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F4245BA-B05C-49DE-B2E0-1E588209ED3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8633532B-9785-4259-8840-B08529E20DCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1D9BD7E-FCC2-404B-A057-1A10997DAFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F935ED72-58F4-49C1-BD9F-5473E0B9D8CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA52901-2D16-4F7E-BF5E-780B42A55D6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A79DA2C-35F3-47DE-909B-8D8D1AE111C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BF6952D-6308-4029-8B63-0BD9C648C60F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94941F86-0BBF-4F30-8F13-FB895A11ED69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17522878-4266-432A-859D-C02096C8AC0E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"951FFCD7-EAC2-41E6-A53B-F90C540327E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1F2738-C7D6-4206-9227-43F464887FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EEB6F2-A721-45CF-A856-0E01B043C317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02FDE602-A56A-477E-B704-41AF92EEBB9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A28B11A-3BC7-41BC-8970-EE075B029F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E98B82A-22E5-4E6C-90AE-56F5780EA147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34672E90-C220-436B-9143-480941227933\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92883AFA-A02F-41A5-9977-ABEAC8AD2970\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"989A78F8-EE92-465F-8A8D-ECF0B58AFE7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACFB09F3-32D1-479C-8C39-D7329D9A6623\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D56581E2-9ECD-426A-96D8-A9D958900AD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"717F6995-5AF0-484C-90C0-A82F25FD2E32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B0C01D5-773F-469C-9E69-170C2844AAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB03FDFB-4DBF-4B70-BFA3-570D1DE67695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F5CF79C-759B-4FF9-90EE-847264059E93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"357651FD-392E-4775-BF20-37A23B3ABAE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"585B9476-6B86-4809-9B9E-26112114CB59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6145036D-4FCE-4EBE-A137-BDFA69BA54F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E437055A-0A81-413F-AB08-0E9D0DC9EA30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9276A093-9C98-4617-9941-2276995F5848\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C98575E2-E39A-4A8F-B5B5-BD280B8367BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5878E08E-2741-4798-94E9-BA8E07386B12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69F6BAB7-C099-4345-A632-7287AEA555B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3AAF031-D16B-4D51-9581-2D1376A5157B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51120689-F5C0-4DF1-91AA-314C40A46C58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F67477AB-85F6-421C-9C0B-C8EFB1B200CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E3C039-A949-4F1B-892A-57147EECB249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F28C7801-41B9-4552-BA1E-577967BCBBEE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25B21085-7259-4685-9D1F-FF98E6489E10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635EE321-2A1F-4FF8-95BE-0C26591969D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A81B035-8598-4D2C-B45F-C6C9D4B10C2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1096947-82A6-4EA8-A4F2-00D91E3F7DAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C95ADA4-66F5-45C4-A677-ACE22367A75A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11951A10-39A2-4FF5-8C43-DF94730FB794\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"351E5BCF-A56B-4D91-BA3C-21A4B77D529A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2DC2BBB4-171E-4EFF-A575-A5B7FF031755\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B6B0504-27C1-4824-A928-A878CBBAB32D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D903956B-14F5-4177-AF12-0A5F1846D3C4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F847DC-A2F5-456C-9038-16A0E85F4C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/36249\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://securityreason.com/securityalert/4099\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/495022/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/30494\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id?1020623\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2215\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31379\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31639\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31891\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/31982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/32266\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33797\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/33999\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/34013\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/35393\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/36249\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/37460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/57126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securityreason.com/securityalert/4099\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT3216\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-4.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-5.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tomcat.apache.org/security-6.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:188\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0648.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0862.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2008-0864.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/495022/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/507985/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/30494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/31681\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1020623\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2009-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2780\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/2823\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/0503\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/1535\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/2215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2009/3316\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/44156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
rhsa-2008:0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft\u00ae .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0877",
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json"
}
],
"title": "Red Hat Security Advisory: jbossweb security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:52+00:00",
"generator": {
"date": "2025-09-10T13:42:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0877",
"initial_release_date": "2008-09-22T13:32:00+00:00",
"revision_history": [
{
"date": "2008-09-22T13:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-09-22T09:32:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008:1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2025-09-10 13:43
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:1007",
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
"tracking": {
"current_release_date": "2025-09-10T13:43:19+00:00",
"generator": {
"date": "2025-09-10T13:43:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:1007",
"initial_release_date": "2008-12-08T09:02:00+00:00",
"revision_history": [
{
"date": "2008-12-08T09:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-12-08T04:02:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:43:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
},
{
"cve": "CVE-2008-3271",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "466875"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RemoteFilterValve Information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3271"
},
{
"category": "external",
"summary": "RHBZ#466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3271",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
}
],
"release_date": "2008-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat RemoteFilterValve Information disclosure"
}
]
}
rhsa-2008_0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft\u00ae .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0877",
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json"
}
],
"title": "Red Hat Security Advisory: jbossweb security update",
"tracking": {
"current_release_date": "2024-11-22T02:13:38+00:00",
"generator": {
"date": "2024-11-22T02:13:38+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0877",
"initial_release_date": "2008-09-22T13:32:00+00:00",
"revision_history": [
{
"date": "2008-09-22T13:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-09-22T09:32:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:13:38+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008:0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0862",
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:50+00:00",
"generator": {
"date": "2025-09-10T13:42:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0862",
"initial_release_date": "2008-10-02T14:03:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:03:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Server v2 4AS",
"product": {
"name": "Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4ES",
"product": {
"name": "Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4WS",
"product": {
"name": "Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-5342",
"discovery_date": "2007-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427216"
}
],
"notes": [
{
"category": "description",
"text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Tomcat\u0027s default security policy is too open",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5342"
},
{
"category": "external",
"summary": "RHBZ#427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
}
],
"release_date": "2007-12-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Apache Tomcat\u0027s default security policy is too open"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
RHSA-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2025-09-10 13:48
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2025-09-10T13:48:07+00:00",
"generator": {
"date": "2025-09-10T13:48:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:48:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
rhsa-2008:0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0864",
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:51+00:00",
"generator": {
"date": "2025-09-10T13:42:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0864",
"initial_release_date": "2008-10-02T14:02:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:02:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product": {
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_developer_suite:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Suite v.3"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.src",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
RHSA-2008:0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0648",
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:34+00:00",
"generator": {
"date": "2025-09-10T13:42:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0648",
"initial_release_date": "2008-08-27T17:13:00+00:00",
"revision_history": [
{
"date": "2008-08-27T17:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-08-27T13:13:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
RHSA-2008:0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0862",
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:50+00:00",
"generator": {
"date": "2025-09-10T13:42:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0862",
"initial_release_date": "2008-10-02T14:03:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:03:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Server v2 4AS",
"product": {
"name": "Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4ES",
"product": {
"name": "Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4WS",
"product": {
"name": "Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-5342",
"discovery_date": "2007-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427216"
}
],
"notes": [
{
"category": "description",
"text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Tomcat\u0027s default security policy is too open",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5342"
},
{
"category": "external",
"summary": "RHBZ#427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
}
],
"release_date": "2007-12-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Apache Tomcat\u0027s default security policy is too open"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008_1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:1007",
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
"tracking": {
"current_release_date": "2024-11-22T02:13:43+00:00",
"generator": {
"date": "2024-11-22T02:13:43+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:1007",
"initial_release_date": "2008-12-08T09:02:00+00:00",
"revision_history": [
{
"date": "2008-12-08T09:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-12-08T04:02:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:13:43+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
},
{
"cve": "CVE-2008-3271",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "466875"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RemoteFilterValve Information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3271"
},
{
"category": "external",
"summary": "RHBZ#466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3271",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
}
],
"release_date": "2008-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat RemoteFilterValve Information disclosure"
}
]
}
rhsa-2008:0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0648",
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:34+00:00",
"generator": {
"date": "2025-09-10T13:42:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0648",
"initial_release_date": "2008-08-27T17:13:00+00:00",
"revision_history": [
{
"date": "2008-08-27T17:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-08-27T13:13:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2010:0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2025-09-10 13:48
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2025-09-10T13:48:07+00:00",
"generator": {
"date": "2025-09-10T13:48:07+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:48:07+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
RHSA-2008:0877
Vulnerability from csaf_redhat
Published
2008-09-22 13:32
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: jbossweb security update
Notes
Topic
An updated jbossweb package that fixes various security issues is now
available for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and
4.3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)
Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated jbossweb package that fixes various security issues is now\navailable for JBoss Enterprise Application Platform (JBoss EAP) 4.2 and\n4.3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "JBoss Web Server (jbossweb) is an enterprise ready web server designed for\nmedium and large applications, is based on Apache Tomcat, and is embedded\ninto JBoss Application Server. It provides organizations with a single\ndeployment platform for JavaServer Pages (JSP) and Java Servlet\ntechnologies, Microsoft\u00ae .NET, PHP, and CGI.\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the jbossweb process. (CVE-2008-2938)\n\nUsers of jbossweb should upgrade to this updated package, which contains\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0877",
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0877.json"
}
],
"title": "Red Hat Security Advisory: jbossweb security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:52+00:00",
"generator": {
"date": "2025-09-10T13:42:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0877",
"initial_release_date": "2008-09-22T13:32:00+00:00",
"revision_history": [
{
"date": "2008-09-22T13:32:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-09-22T09:32:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_id": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jbossweb@2.0.0-5.CP07.0jpp.ep1.1.el5?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS",
"product_id": "4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4AS-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 ES",
"product_id": "4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"relates_to_product_reference": "4ES-JBEAP"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.2.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src as a component of Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server",
"product_id": "5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
},
"product_reference": "jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"relates_to_product_reference": "5Server-JBEAP-4.3.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-09-22T13:32:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4AS-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.noarch",
"4ES-JBEAP:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el4.src",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.2.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.noarch",
"5Server-JBEAP-4.3.0:jbossweb-0:2.0.0-5.CP07.0jpp.ep1.1.el5.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0877"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2010_0602
Vulnerability from csaf_redhat
Published
2010-08-04 21:30
Modified
2024-12-15 18:14
Summary
Red Hat Security Advisory: Red Hat Certificate System 7.3 security update
Notes
Topic
Updated packages that fix multiple security issues and rebase various
components are now available for Red Hat Certificate System 7.3.
The Red Hat Security Response Team has rated this update as having moderate
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.
Details
Red Hat Certificate System (RHCS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
Multiple buffer overflow flaws were discovered in the way the pcscd daemon,
a resource manager that coordinates communications with smart card readers
and smart cards connected to the system, handled client requests. A local
user could create a specially-crafted request that would cause the pcscd
daemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,
CVE-2009-4901)
This erratum updates the Tomcat component shipped as part of Red Hat
Certificate System to version 5.5.23, to address multiple security issues.
In a typical operating environment, Tomcat is not exposed to users of
Certificate System in a vulnerable manner. These security updates will
reduce risk in unique Certificate System environments. (CVE-2005-2090,
CVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,
CVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,
CVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)
This erratum provides updated versions of the following components,
required by the updated Tomcat version: ant, avalon-logkit, axis,
classpathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,
log4j, mx4j, xerces-j2, and xml-commons.
A number of components have been updated to fix security issues for users
of Red Hat Certificate System for the Solaris operating system. These fixes
are for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,
CVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues
CVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,
CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,
CVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and
CVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116
and CVE-2008-1927.
Note: Updated apr, apr-util, httpd, mod_perl, and perl packages were
previously available to users of Red Hat Certificate System for Red Hat
Enterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat
Network.
Additionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,
rhpki-java-tools, and rhpki-native-tools packages were updated to address
some anomalous behavior on the Solaris operating system. (BZ#600513,
BZ#605760)
As well, this update provides an updated rhpki-manage package, which
includes installation and uninstall scripts for Red Hat Certificate System
that have been updated with the list of packages required by the Tomcat
component, and an updated dependency on the NSS and NSPR packages.
All users of Red Hat Certificate System are advised to upgrade to these
updated packages, which correct these issues. Refer to the Red Hat
Certificate System Administration Guide, linked to in the References, for
details on how to install the updated packages on the Solaris operating
system. After installing this update, all Red Hat Certificate System
subsystems must be restarted ("/etc/init.d/[instance-name] restart") for
the update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated packages that fix multiple security issues and rebase various\ncomponents are now available for Red Hat Certificate System 7.3.\n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Certificate System (RHCS) is an enterprise software system designed\nto manage enterprise Public Key Infrastructure (PKI) deployments.\n\nMultiple buffer overflow flaws were discovered in the way the pcscd daemon,\na resource manager that coordinates communications with smart card readers\nand smart cards connected to the system, handled client requests. A local\nuser could create a specially-crafted request that would cause the pcscd\ndaemon to crash or, possibly, execute arbitrary code. (CVE-2010-0407,\nCVE-2009-4901)\n\nThis erratum updates the Tomcat component shipped as part of Red Hat\nCertificate System to version 5.5.23, to address multiple security issues.\nIn a typical operating environment, Tomcat is not exposed to users of\nCertificate System in a vulnerable manner. These security updates will\nreduce risk in unique Certificate System environments. (CVE-2005-2090,\nCVE-2005-3510, CVE-2006-3835, CVE-2007-0450, CVE-2007-1358, CVE-2007-3382,\nCVE-2007-3385, CVE-2007-5461, CVE-2007-5333, CVE-2008-0128, CVE-2008-1232,\nCVE-2008-2370, CVE-2008-5515, CVE-2009-0033, CVE-2009-0580)\n\nThis erratum provides updated versions of the following components,\nrequired by the updated Tomcat version: ant, avalon-logkit, axis,\nclasspathx-jaf, classpathx-mail, geronimo-specs, jakarta-commons-modeler,\nlog4j, mx4j, xerces-j2, and xml-commons.\n\nA number of components have been updated to fix security issues for users\nof Red Hat Certificate System for the Solaris operating system. These fixes\nare for apr issue CVE-2009-2412; apr-util issues CVE-2009-0023,\nCVE-2009-1955, CVE-2009-1956, and CVE-2009-2412; httpd issues\nCVE-2006-3918, CVE-2006-5752, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847,\nCVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2008-2364,\nCVE-2008-2939, CVE-2009-1891, CVE-2009-3094, CVE-2009-3095, and\nCVE-2010-0434; mod_perl issue CVE-2007-1349; and perl issues CVE-2007-5116\nand CVE-2008-1927.\n\nNote: Updated apr, apr-util, httpd, mod_perl, and perl packages were\npreviously available to users of Red Hat Certificate System for Red Hat\nEnterprise Linux via the Red Hat Enterprise Linux 4 channels on the Red Hat\nNetwork.\n\nAdditionally, the rhpki-ca, rhpki-kra, rhpki-ocsp, rhpki-tks,\nrhpki-java-tools, and rhpki-native-tools packages were updated to address\nsome anomalous behavior on the Solaris operating system. (BZ#600513,\nBZ#605760)\n\nAs well, this update provides an updated rhpki-manage package, which\nincludes installation and uninstall scripts for Red Hat Certificate System\nthat have been updated with the list of packages required by the Tomcat\ncomponent, and an updated dependency on the NSS and NSPR packages.\n\nAll users of Red Hat Certificate System are advised to upgrade to these\nupdated packages, which correct these issues. Refer to the Red Hat\nCertificate System Administration Guide, linked to in the References, for\ndetails on how to install the updated packages on the Solaris operating\nsystem. After installing this update, all Red Hat Certificate System\nsubsystems must be restarted (\"/etc/init.d/[instance-name] restart\") for\nthe update to take effect.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0602",
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#moderate",
"url": "http://www.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html",
"url": "http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Updating_Certificate_System_Packages-Updating_a_Solaris_9_system_using_pkgrm_and_pkgadd.html"
},
{
"category": "external",
"summary": "200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0602.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Certificate System 7.3 security update",
"tracking": {
"current_release_date": "2024-12-15T18:14:44+00:00",
"generator": {
"date": "2024-12-15T18:14:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2010:0602",
"initial_release_date": "2010-08-04T21:30:00+00:00",
"revision_history": [
{
"date": "2010-08-04T21:30:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-08-05T10:04:51+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-15T18:14:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4AS",
"product": {
"name": "Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Certificate System 7.3 for 4ES",
"product": {
"name": "Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:certificate_system:7.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Certificate System"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons-apis@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_id": "ant-0:1.6.5-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_id": "axis-0:1.2.1-1jpp_3rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_id": "log4j-0:1.2.12-1jpp_1rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.16?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_id": "rhpki-manage-0:7.3.0-19.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-manage@7.3.0-19.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_id": "rhpki-ca-0:7.3.0-20.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ca@7.3.0-20.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_id": "rhpki-kra-0:7.3.0-14.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-kra@7.3.0-14.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-tks-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-tks@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_id": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-ocsp@7.3.0-13.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_id": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-java-tools@7.3.0-10.el4?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jms-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jta-1.0.1B-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-deployment-1.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-ejb-2.1-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-servlet-2.4-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs-javadoc@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-1.4-apis@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-connector-1.5-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-jsp-2.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_id": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-j2ee-management-1.0-api@1.0-0.M4.1jpp_10rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_id": "xml-commons-0:1.3.02-2jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xml-commons@1.3.02-2jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_id": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/xerces-j2@2.7.1-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product": {
"name": "ant-0:1.6.5-1jpp_1rh.src",
"product_id": "ant-0:1.6.5-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ant@1.6.5-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_id": "avalon-logkit-0:1.2-2jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/avalon-logkit@1.2-2jpp_4rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product": {
"name": "axis-0:1.2.1-1jpp_3rh.src",
"product_id": "axis-0:1.2.1-1jpp_3rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/axis@1.2.1-1jpp_3rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_id": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-jaf@1.0-2jpp_6rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_id": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/classpathx-mail@1.1.1-2jpp_8rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product": {
"name": "log4j-0:1.2.12-1jpp_1rh.src",
"product_id": "log4j-0:1.2.12-1jpp_1rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/log4j@1.2.12-1jpp_1rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_id": "mx4j-1:3.0.1-1jpp_4rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/mx4j@3.0.1-1jpp_4rh?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_id": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/jakarta-commons-modeler@2.0-3jpp_2rh?arch=src"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.16?arch=src"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.src",
"product_id": "pcsc-lite-0:1.3.3-3.el4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=src"
}
}
},
{
"category": "product_version",
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_id": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/geronimo-specs@1.0-0.M4.1jpp_10rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_id": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhpki-native-tools@7.3.0-6.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-debuginfo@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-doc@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite@1.3.3-3.el4?arch=i386"
}
}
},
{
"category": "product_version",
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_id": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pcsc-lite-libs@1.3.3-3.el4?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4AS",
"product_id": "4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4AS-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ant-0:1.6.5-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src"
},
"product_reference": "ant-0:1.6.5-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "avalon-logkit-0:1.2-2jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src"
},
"product_reference": "avalon-logkit-0:1.2-2jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "axis-0:1.2.1-1jpp_3rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src"
},
"product_reference": "axis-0:1.2.1-1jpp_3rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-jaf-0:1.0-2jpp_6rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src"
},
"product_reference": "classpathx-jaf-0:1.0-2jpp_6rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "classpathx-mail-0:1.1.1-2jpp_8rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src"
},
"product_reference": "classpathx-mail-0:1.1.1-2jpp_8rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src"
},
"product_reference": "geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch"
},
"product_reference": "geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src"
},
"product_reference": "jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "log4j-0:1.2.12-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src"
},
"product_reference": "log4j-0:1.2.12-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mx4j-1:3.0.1-1jpp_4rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src"
},
"product_reference": "mx4j-1:3.0.1-1jpp_4rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64"
},
"product_reference": "pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ca-0:7.3.0-20.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch"
},
"product_reference": "rhpki-ca-0:7.3.0-20.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-java-tools-0:7.3.0-10.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch"
},
"product_reference": "rhpki-java-tools-0:7.3.0-10.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-kra-0:7.3.0-14.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch"
},
"product_reference": "rhpki-kra-0:7.3.0-14.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-manage-0:7.3.0-19.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch"
},
"product_reference": "rhpki-manage-0:7.3.0-19.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.i386 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.i386",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-native-tools-0:7.3.0-6.el4.x86_64 as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64"
},
"product_reference": "rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-ocsp-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-ocsp-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhpki-tks-0:7.3.0-13.el4.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch"
},
"product_reference": "rhpki-tks-0:7.3.0-13.el4.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.16.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.16.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xerces-j2-0:2.7.1-1jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src"
},
"product_reference": "xerces-j2-0:2.7.1-1jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-0:1.3.02-2jpp_1rh.src as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src"
},
"product_reference": "xml-commons-0:1.3.02-2jpp_1rh.src",
"relates_to_product_reference": "4ES-CERT-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch as a component of Red Hat Certificate System 7.3 for 4ES",
"product_id": "4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
},
"product_reference": "xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"relates_to_product_reference": "4ES-CERT-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2090",
"discovery_date": "2005-06-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237079"
}
],
"notes": [
{
"category": "description",
"text": "Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a \"Transfer-Encoding: chunked\" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka \"HTTP Request Smuggling.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat multiple content-length header poisioning",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2090"
},
{
"category": "external",
"summary": "RHBZ#237079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237079"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2090",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2090"
}
],
"release_date": "2005-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat multiple content-length header poisioning"
},
{
"cve": "CVE-2005-3510",
"discovery_date": "2005-11-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237085"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat DoS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-3510"
},
{
"category": "external",
"summary": "RHBZ#237085",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237085"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
}
],
"release_date": "2005-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat DoS"
},
{
"cve": "CVE-2006-3835",
"discovery_date": "2006-07-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237084"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory listing issue",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.\n\nDetails on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3835"
},
{
"category": "external",
"summary": "RHBZ#237084",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237084"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3835",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3835"
}
],
"release_date": "2006-07-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat directory listing issue"
},
{
"cve": "CVE-2006-3918",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2006-07-31T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "200732"
}
],
"notes": [
{
"category": "description",
"text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: Expect header XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-3918"
},
{
"category": "external",
"summary": "RHBZ#200732",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
}
],
"release_date": "2006-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: Expect header XSS"
},
{
"cve": "CVE-2006-5752",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-06-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245112"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform \"charset detection\" when the content-type is not specified.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_status XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2006-5752"
},
{
"category": "external",
"summary": "RHBZ#245112",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245112"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2006-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-5752"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5752"
}
],
"release_date": "2007-06-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_status XSS"
},
{
"cve": "CVE-2007-0450",
"discovery_date": "2007-03-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "237080"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) \"/\" (slash), (2) \"\\\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat directory traversal",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-0450"
},
{
"category": "external",
"summary": "RHBZ#237080",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=237080"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0450"
}
],
"release_date": "2007-03-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat directory traversal"
},
{
"cve": "CVE-2007-1349",
"discovery_date": "2007-05-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "240423"
}
],
"notes": [
{
"category": "description",
"text": "PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_perl PerlRun denial of service",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1349"
},
{
"category": "external",
"summary": "RHBZ#240423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=240423"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1349"
}
],
"release_date": "2007-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mod_perl PerlRun denial of service"
},
{
"cve": "CVE-2007-1358",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-04-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244803"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted \"Accept-Language headers that do not conform to RFC 2616\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat accept-language xss flaw",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1358"
},
{
"category": "external",
"summary": "RHBZ#244803",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244803"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1358",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1358"
}
],
"release_date": "2007-06-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat accept-language xss flaw"
},
{
"cve": "CVE-2007-1863",
"discovery_date": "2007-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "244658"
}
],
"notes": [
{
"category": "description",
"text": "cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler crash) via a request with the (1) s-maxage, (2) max-age, (3) min-fresh, or (4) max-stale Cache-Control headers without a value.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd mod_cache segfault",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-1863"
},
{
"category": "external",
"summary": "RHBZ#244658",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=244658"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-1863",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1863"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1863"
}
],
"release_date": "2007-05-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd mod_cache segfault"
},
{
"cve": "CVE-2007-3304",
"discovery_date": "2007-06-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "245111"
}
],
"notes": [
{
"category": "description",
"text": "Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka \"SIGUSR1 killer.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd scoreboard lack of PID protection",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3304"
},
{
"category": "external",
"summary": "RHBZ#245111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=245111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3304"
}
],
"release_date": "2007-06-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd scoreboard lack of PID protection"
},
{
"cve": "CVE-2007-3382",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247972"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes (\"\u0027\") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookies",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3382"
},
{
"category": "external",
"summary": "RHBZ#247972",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247972"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3382",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3382"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookies"
},
{
"cve": "CVE-2007-3385",
"discovery_date": "2007-07-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "247976"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \\\" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat handling of cookie values",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3385"
},
{
"category": "external",
"summary": "RHBZ#247976",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=247976"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3385",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3385"
}
],
"release_date": "2007-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat handling of cookie values"
},
{
"cve": "CVE-2007-3847",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2007-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "250731"
}
],
"notes": [
{
"category": "description",
"text": "The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows remote origin servers to cause a denial of service (caching forward proxy process crash) via crafted date headers that trigger a buffer over-read.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: out of bounds read",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-3847"
},
{
"category": "external",
"summary": "RHBZ#250731",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=250731"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-3847",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3847"
}
],
"release_date": "2007-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: out of bounds read"
},
{
"cve": "CVE-2007-4465",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-09-13T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "289511"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_autoindex XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the \"AddDefaultCharset\" directive and are using directory indexes. The Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-4465"
},
{
"category": "external",
"summary": "RHBZ#289511",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=289511"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-4465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-4465"
}
],
"release_date": "2007-09-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_autoindex XSS"
},
{
"cve": "CVE-2007-5000",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2007-12-11T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "419931"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_imagemap XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5000"
},
{
"category": "external",
"summary": "RHBZ#419931",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=419931"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5000",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5000"
}
],
"release_date": "2007-12-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_imagemap XSS"
},
{
"acknowledgments": [
{
"names": [
"Tavis Ormandy",
"Will Drewry"
]
}
],
"cve": "CVE-2007-5116",
"discovery_date": "2007-09-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "323571"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl regular expression UTF parsing errors",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5116"
},
{
"category": "external",
"summary": "RHBZ#323571",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=323571"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5116",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5116"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5116"
}
],
"release_date": "2007-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl regular expression UTF parsing errors"
},
{
"cve": "CVE-2007-5333",
"discovery_date": "2008-01-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427766"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (\") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Improve cookie parsing for tomcat5",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333\n\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5333"
},
{
"category": "external",
"summary": "RHBZ#427766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5333",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5333"
}
],
"release_date": "2008-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Improve cookie parsing for tomcat5"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2007-6388",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427228"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache mod_status cross-site scripting",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-6388"
},
{
"category": "external",
"summary": "RHBZ#427228",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427228"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-6388",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6388"
}
],
"release_date": "2007-12-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache mod_status cross-site scripting"
},
{
"cve": "CVE-2008-0005",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-01-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427739"
}
],
"notes": [
{
"category": "description",
"text": "mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mod_proxy_ftp XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0005"
},
{
"category": "external",
"summary": "RHBZ#427739",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427739"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0005",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0005"
}
],
"release_date": "2008-01-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "mod_proxy_ftp XSS"
},
{
"cve": "CVE-2008-0128",
"discovery_date": "2008-01-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "429821"
}
],
"notes": [
{
"category": "description",
"text": "The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat5 SSO cookie login information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-0128"
},
{
"category": "external",
"summary": "RHBZ#429821",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429821"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-0128"
}
],
"release_date": "2006-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat5 SSO cookie login information disclosure"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1927",
"discovery_date": "2008-04-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "443928"
}
],
"notes": [
{
"category": "description",
"text": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "perl: heap corruption by regular expressions with utf8 characters",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1927"
},
{
"category": "external",
"summary": "RHBZ#443928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=443928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1927"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1927"
}
],
"release_date": "2007-12-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "perl: heap corruption by regular expressions with utf8 characters"
},
{
"cve": "CVE-2008-2364",
"discovery_date": "2008-05-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "451615"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364\n\nThe Red Hat Product Security has rated this issue as having moderate security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2364"
},
{
"category": "external",
"summary": "RHBZ#451615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=451615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2364",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2364"
}
],
"release_date": "2008-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: mod_proxy_http DoS via excessive interim responses from the origin server"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2939",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "458250"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp globbing XSS",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2939"
},
{
"category": "external",
"summary": "RHBZ#458250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2939",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2939"
}
],
"release_date": "2008-08-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp globbing XSS"
},
{
"cve": "CVE-2008-5515",
"discovery_date": "2009-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504753"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat request dispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-5515"
},
{
"category": "external",
"summary": "RHBZ#504753",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504753"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-5515",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-5515"
}
],
"release_date": "2009-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat request dispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2009-0023",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503928"
}
],
"notes": [
{
"category": "description",
"text": "The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util heap buffer underwrite",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0023"
},
{
"category": "external",
"summary": "RHBZ#503928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503928"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0023",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0023"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0023"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util heap buffer underwrite"
},
{
"cve": "CVE-2009-0033",
"discovery_date": "2009-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "493381"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Denial-Of-Service with AJP connection",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0033"
},
{
"category": "external",
"summary": "RHBZ#493381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=493381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0033"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat6 Denial-Of-Service with AJP connection"
},
{
"cve": "CVE-2009-0580",
"discovery_date": "2009-06-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "503978"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat6 Information disclosure in authentication classes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-0580"
},
{
"category": "external",
"summary": "RHBZ#503978",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503978"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0580"
}
],
"release_date": "2009-06-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat6 Information disclosure in authentication classes"
},
{
"cve": "CVE-2009-1891",
"discovery_date": "2009-06-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "509125"
}
],
"notes": [
{
"category": "description",
"text": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: possible temporary DoS (CPU consumption) in mod_deflate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1891"
},
{
"category": "external",
"summary": "RHBZ#509125",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1891",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1891"
}
],
"release_date": "2009-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: possible temporary DoS (CPU consumption) in mod_deflate"
},
{
"cve": "CVE-2009-1955",
"discovery_date": "2009-06-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504555"
}
],
"notes": [
{
"category": "description",
"text": "The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util billion laughs attack",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1955"
},
{
"category": "external",
"summary": "RHBZ#504555",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504555"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1955"
}
],
"release_date": "2009-06-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util billion laughs attack"
},
{
"cve": "CVE-2009-1956",
"discovery_date": "2009-06-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "504390"
}
],
"notes": [
{
"category": "description",
"text": "Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util single NULL byte buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-1956"
},
{
"category": "external",
"summary": "RHBZ#504390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-1956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-1956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1956"
}
],
"release_date": "2009-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util single NULL byte buffer overflow"
},
{
"cve": "CVE-2009-2412",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2009-07-30T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "515698"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-2412"
},
{
"category": "external",
"summary": "RHBZ#515698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2412"
}
],
"release_date": "2009-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apr-util: Integer overflows in memory pool (apr) and relocatable memory (apr-util) management"
},
{
"cve": "CVE-2009-3094",
"discovery_date": "2009-09-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "521619"
}
],
"notes": [
{
"category": "description",
"text": "The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3094"
},
{
"category": "external",
"summary": "RHBZ#521619",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521619"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3094",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3094"
}
],
"release_date": "2009-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply"
},
{
"cve": "CVE-2009-3095",
"discovery_date": "2009-09-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "522209"
}
],
"notes": [
{
"category": "description",
"text": "The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3095"
},
{
"category": "external",
"summary": "RHBZ#522209",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522209"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3095",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3095"
}
],
"release_date": "2009-09-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header"
},
{
"cve": "CVE-2009-4901",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read, a related issue to CVE-2010-0407.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4901"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4901"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0407",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2010-05-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "596426"
}
],
"notes": [
{
"category": "description",
"text": "Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0407"
},
{
"category": "external",
"summary": "RHBZ#596426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=596426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0407"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0407"
}
],
"release_date": "2010-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages"
},
{
"cve": "CVE-2010-0434",
"discovery_date": "2010-03-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "570171"
}
],
"notes": [
{
"category": "description",
"text": "The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: request header information leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2010-0434"
},
{
"category": "external",
"summary": "RHBZ#570171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=570171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2010-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0434"
}
],
"release_date": "2009-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-08-04T21:30:00+00:00",
"details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0602"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"products": [
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4AS-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4AS-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4AS-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4AS-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4AS-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4AS-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4AS-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4AS-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4AS-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4AS-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4AS-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4AS-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4AS-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4AS-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4AS-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4AS-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4AS-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4AS-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4AS-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4AS-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4AS-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4AS-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.noarch",
"4ES-CERT-7.3:ant-0:1.6.5-1jpp_1rh.src",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.noarch",
"4ES-CERT-7.3:avalon-logkit-0:1.2-2jpp_4rh.src",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.noarch",
"4ES-CERT-7.3:axis-0:1.2.1-1jpp_3rh.src",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.noarch",
"4ES-CERT-7.3:classpathx-jaf-0:1.0-2jpp_6rh.src",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.noarch",
"4ES-CERT-7.3:classpathx-mail-0:1.1.1-2jpp_8rh.src",
"4ES-CERT-7.3:geronimo-ejb-2.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-1.4-apis-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-connector-1.5-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-deployment-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-j2ee-management-1.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jms-1.1-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jsp-2.0-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-jta-1.0.1B-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-servlet-2.4-api-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:geronimo-specs-0:1.0-0.M4.1jpp_10rh.src",
"4ES-CERT-7.3:geronimo-specs-javadoc-0:1.0-0.M4.1jpp_10rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.noarch",
"4ES-CERT-7.3:jakarta-commons-modeler-0:2.0-3jpp_2rh.src",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.noarch",
"4ES-CERT-7.3:log4j-0:1.2.12-1jpp_1rh.src",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.noarch",
"4ES-CERT-7.3:mx4j-1:3.0.1-1jpp_4rh.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.src",
"4ES-CERT-7.3:pcsc-lite-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-debuginfo-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-doc-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.i386",
"4ES-CERT-7.3:pcsc-lite-libs-0:1.3.3-3.el4.x86_64",
"4ES-CERT-7.3:rhpki-ca-0:7.3.0-20.el4.noarch",
"4ES-CERT-7.3:rhpki-java-tools-0:7.3.0-10.el4.noarch",
"4ES-CERT-7.3:rhpki-kra-0:7.3.0-14.el4.noarch",
"4ES-CERT-7.3:rhpki-manage-0:7.3.0-19.el4.noarch",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.i386",
"4ES-CERT-7.3:rhpki-native-tools-0:7.3.0-6.el4.x86_64",
"4ES-CERT-7.3:rhpki-ocsp-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:rhpki-tks-0:7.3.0-13.el4.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-0:5.5.23-0jpp_4rh.16.src",
"4ES-CERT-7.3:tomcat5-common-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jasper-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-server-lib-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.16.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.noarch",
"4ES-CERT-7.3:xerces-j2-0:2.7.1-1jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.noarch",
"4ES-CERT-7.3:xml-commons-0:1.3.02-2jpp_1rh.src",
"4ES-CERT-7.3:xml-commons-apis-0:1.3.02-2jpp_1rh.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "httpd: request header information leak"
}
]
}
RHSA-2008:0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2025-09-10 13:42
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0864",
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2025-09-10T13:42:51+00:00",
"generator": {
"date": "2025-09-10T13:42:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:0864",
"initial_release_date": "2008-10-02T14:02:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:02:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:42:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product": {
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_developer_suite:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Suite v.3"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.src",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008_0864
Vulnerability from csaf_redhat
Published
2008-10-02 14:02
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Developer Suite 3.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Developer Suite 3.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0864",
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0864.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-11-22T02:13:34+00:00",
"generator": {
"date": "2024-11-22T02:13:34+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0864",
"initial_release_date": "2008-10-02T14:02:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:02:59+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:13:34+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product": {
"name": "Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_developer_suite:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Suite v.3"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_12rh?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_12rh.src as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_12rh.src",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch as a component of Red Hat Developer Suite v.3 (AS v.4)",
"product_id": "4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-DS3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:02:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-0:5.5.23-0jpp_12rh.src",
"4AS-DS3:tomcat5-common-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jasper-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-server-lib-0:5.5.23-0jpp_12rh.noarch",
"4AS-DS3:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0864"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008_0648
Vulnerability from csaf_redhat
Published
2008-08-27 17:13
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0648",
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0648.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-11-22T02:13:57+00:00",
"generator": {
"date": "2024-11-22T02:13:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0648",
"initial_release_date": "2008-08-27T17:13:00+00:00",
"revision_history": [
{
"date": "2008-08-27T17:13:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-08-27T13:13:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:13:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product": {
"name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product": {
"name": "Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:5::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-debuginfo@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp.7.el5_2.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)",
"product_id": "5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client-Workstation"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)",
"product_id": "5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Client"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"relates_to_product_reference": "5Server"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)",
"product_id": "5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"relates_to_product_reference": "5Server"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-08-27T17:13:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client-Workstation:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client-Workstation:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Client:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Client:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.src",
"5Server:tomcat5-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-admin-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-common-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.ppc64",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-debuginfo-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jasper-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-server-lib-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp.7.el5_2.1.x86_64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.i386",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ia64",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.ppc",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.s390x",
"5Server:tomcat5-webapps-0:5.5.23-0jpp.7.el5_2.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0648"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
rhsa-2008_0862
Vulnerability from csaf_redhat
Published
2008-10-02 14:03
Modified
2024-11-22 02:13
Summary
Red Hat Security Advisory: tomcat security update
Notes
Topic
Updated tomcat packages that fix several security issues are now available
for Red Hat Application Server v2.
This update has been rated as having important security impact by the Red
Hat Security Response Team.
Details
Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.
The default security policy in the JULI logging component did not restrict
access permissions to files. This could be misused by untrusted web
applications to access and write arbitrary files in the context of the
Tomcat process. (CVE-2007-5342)
A directory traversal vulnerability was discovered in the Apache Tomcat
webdav servlet. Under certain configurations, this allowed remote,
authenticated users to read files accessible to the local Tomcat process.
(CVE-2007-5461)
A cross-site scripting vulnerability was discovered in the
HttpServletResponse.sendError() method. A remote attacker could inject
arbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)
An additional cross-site scripting vulnerability was discovered in the host
manager application. A remote attacker could inject arbitrary web script or
HTML via the hostname parameter. (CVE-2008-1947)
A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)
An additional traversal vulnerability was discovered when the
"allowLinking" and "URIencoding" settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the Tomcat process. (CVE-2008-2938)
Users of tomcat should upgrade to these updated packages, which contain
backported patches to resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix several security issues are now available\nfor Red Hat Application Server v2.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Apache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies.\n\nThe default security policy in the JULI logging component did not restrict\naccess permissions to files. This could be misused by untrusted web\napplications to access and write arbitrary files in the context of the\nTomcat process. (CVE-2007-5342)\n\nA directory traversal vulnerability was discovered in the Apache Tomcat\nwebdav servlet. Under certain configurations, this allowed remote,\nauthenticated users to read files accessible to the local Tomcat process.\n(CVE-2007-5461)\n\nA cross-site scripting vulnerability was discovered in the\nHttpServletResponse.sendError() method. A remote attacker could inject\narbitrary web script or HTML via forged HTTP headers. (CVE-2008-1232)\n\nAn additional cross-site scripting vulnerability was discovered in the host\nmanager application. A remote attacker could inject arbitrary web script or\nHTML via the hostname parameter. (CVE-2008-1947)\n\nA traversal vulnerability was discovered when using a RequestDispatcher\nin combination with a servlet or JSP. A remote attacker could utilize a\nspecially-crafted request parameter to access protected web resources.\n(CVE-2008-2370)\n\nAn additional traversal vulnerability was discovered when the\n\"allowLinking\" and \"URIencoding\" settings were activated. A remote attacker\ncould use a UTF-8-encoded request to extend their privileges and obtain\nlocal files accessible to the Tomcat process. (CVE-2008-2938)\n\nUsers of tomcat should upgrade to these updated packages, which contain\nbackported patches to resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:0862",
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_0862.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update",
"tracking": {
"current_release_date": "2024-11-22T02:13:30+00:00",
"generator": {
"date": "2024-11-22T02:13:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2008:0862",
"initial_release_date": "2008-10-02T14:03:00+00:00",
"revision_history": [
{
"date": "2008-10-02T14:03:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-10-02T10:03:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T02:13:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Application Server v2 4AS",
"product": {
"name": "Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4ES",
"product": {
"name": "Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
},
{
"category": "product_name",
"name": "Red Hat Application Server v2 4WS",
"product": {
"name": "Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_application_server:2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Application Server"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-common-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-servlet-2.4-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jasper@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-server-lib@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api-javadoc@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-admin-webapps@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_id": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5-jsp-2.0-api@5.5.23-0jpp_4rh.9?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_id": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.5.23-0jpp_4rh.9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4AS",
"product_id": "4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4AS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4ES",
"product_id": "4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4ES-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.5.23-0jpp_4rh.9.src as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src"
},
"product_reference": "tomcat5-0:5.5.23-0jpp_4rh.9.src",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch as a component of Red Hat Application Server v2 4WS",
"product_id": "4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
},
"product_reference": "tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"relates_to_product_reference": "4WS-RHAPS2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2007-5342",
"discovery_date": "2007-10-10T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "427216"
}
],
"notes": [
{
"category": "description",
"text": "The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by changing the (1) level, (2) directory, and (3) prefix attributes in the org.apache.juli.FileHandler handler.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Apache Tomcat\u0027s default security policy is too open",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5342"
},
{
"category": "external",
"summary": "RHBZ#427216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=427216"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5342",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5342"
}
],
"release_date": "2007-12-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Apache Tomcat\u0027s default security policy is too open"
},
{
"cve": "CVE-2007-5461",
"discovery_date": "2007-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "333791"
}
],
"notes": [
{
"category": "description",
"text": "Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Absolute path traversal Apache Tomcat WEBDAV",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2007-5461"
},
{
"category": "external",
"summary": "RHBZ#333791",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=333791"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2007-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5461"
}
],
"release_date": "2007-10-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Absolute path traversal Apache Tomcat WEBDAV"
},
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-10-02T14:03:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. \n\nThis update is available via Red Hat Network. Details on how to use \nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/FAQ_58_10188",
"product_ids": [
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4AS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4AS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4ES-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4ES-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-0:5.5.23-0jpp_4rh.9.src",
"4WS-RHAPS2:tomcat5-admin-webapps-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-common-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jasper-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-jsp-2.0-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-server-lib-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-servlet-2.4-api-javadoc-0:5.5.23-0jpp_4rh.9.noarch",
"4WS-RHAPS2:tomcat5-webapps-0:5.5.23-0jpp_4rh.9.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:0862"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
}
]
}
RHSA-2008:1007
Vulnerability from csaf_redhat
Published
2008-12-08 09:02
Modified
2025-09-10 13:43
Summary
Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server
Notes
Topic
Updated tomcat packages that fix multiple security issues are now available
for Red Hat Network Satellite Server.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
Details
This update corrects several security vulnerabilities in the Tomcat
component shipped as part of Red Hat Network Satellite Server. In a
typical operating environment, Tomcat is not exposed to users
of Satellite Server in a vulnerable manner. These security updates will
reduce risk in unique Satellite Server environments.
Multiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,
CVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)
Users of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update
to these Tomcat packages which resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated tomcat packages that fix multiple security issues are now available\nfor Red Hat Network Satellite Server.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "This update corrects several security vulnerabilities in the Tomcat\ncomponent shipped as part of Red Hat Network Satellite Server. In a\ntypical operating environment, Tomcat is not exposed to users\nof Satellite Server in a vulnerable manner. These security updates will\nreduce risk in unique Satellite Server environments.\n\nMultiple flaws were fixed in the Apache Tomcat package. (CVE-2008-1232,\nCVE-2008-1947, CVE-2008-2370, CVE-2008-2938, CVE-2008-3271)\n\nUsers of Red Hat Network Satellite Server 5.0 or 5.1 are advised to update\nto these Tomcat packages which resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2008:1007",
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "http://tomcat.apache.org/security-5.html",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"category": "external",
"summary": "446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2008/rhsa-2008_1007.json"
}
],
"title": "Red Hat Security Advisory: tomcat security update for Red Hat Network Satellite Server",
"tracking": {
"current_release_date": "2025-09-10T13:43:19+00:00",
"generator": {
"date": "2025-09-10T13:43:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2008:1007",
"initial_release_date": "2008-12-08T09:02:00+00:00",
"revision_history": [
{
"date": "2008-12-08T09:02:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2008-12-08T04:02:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-10T13:43:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.1::el4"
}
}
},
{
"category": "product_name",
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product": {
"name": "Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_satellite:5.0:el4"
}
}
}
],
"category": "product_family",
"name": "Red Hat Satellite"
},
{
"branches": [
{
"category": "product_version",
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_id": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tomcat5@5.0.30-0jpp_12rh?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.1 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tomcat5-0:5.0.30-0jpp_12rh.noarch as a component of Red Hat Satellite 5.0 (RHEL v.4 AS)",
"product_id": "4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
},
"product_reference": "tomcat5-0:5.0.30-0jpp_12rh.noarch",
"relates_to_product_reference": "4AS-RHNSAT5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2008-1232",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457597"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat: Cross-Site-Scripting enabled by sendError call",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1232"
},
{
"category": "external",
"summary": "RHBZ#457597",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457597"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1232",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1232"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat: Cross-Site-Scripting enabled by sendError call"
},
{
"cve": "CVE-2008-1947",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2008-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "446393"
}
],
"notes": [
{
"category": "description",
"text": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Tomcat host manager xss - name field",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-1947"
},
{
"category": "external",
"summary": "RHBZ#446393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-1947",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1947"
}
],
"release_date": "2008-06-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Tomcat host manager xss - name field"
},
{
"cve": "CVE-2008-2370",
"discovery_date": "2008-08-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "457934"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RequestDispatcher information disclosure vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2370"
},
{
"category": "external",
"summary": "RHBZ#457934",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=457934"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2370",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
}
],
"release_date": "2008-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tomcat RequestDispatcher information disclosure vulnerability"
},
{
"cve": "CVE-2008-2938",
"discovery_date": "2008-07-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "456120"
}
],
"notes": [
{
"category": "description",
"text": "Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat Unicode directory traversal vulnerability",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-2938"
},
{
"category": "external",
"summary": "RHBZ#456120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=456120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-2938",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2938"
}
],
"release_date": "2008-08-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "tomcat Unicode directory traversal vulnerability"
},
{
"cve": "CVE-2008-3271",
"discovery_date": "2008-10-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "466875"
}
],
"notes": [
{
"category": "description",
"text": "Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a \"synchronization problem\" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tomcat RemoteFilterValve Information disclosure",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2008-3271"
},
{
"category": "external",
"summary": "RHBZ#466875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=466875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2008-3271",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3271"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3271"
}
],
"release_date": "2008-10-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2008-12-08T09:02:00+00:00",
"details": "This update is available via Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttp://www.redhat.com/docs/manuals/satellite/Red_Hat_Network_Satellite-5.0.0/html/Installation_Guide/s1-maintenance-update.html",
"product_ids": [
"4AS-RHNSAT5.1:tomcat5-0:5.0.30-0jpp_12rh.noarch",
"4AS-RHNSAT5:tomcat5-0:5.0.30-0jpp_12rh.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2008:1007"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tomcat RemoteFilterValve Information disclosure"
}
]
}
ghsa-m8h8-6rvg-f4mg
Vulnerability from github
Published
2022-05-01 23:49
Modified
2024-02-09 16:27
VLAI Severity ?
Summary
Apache Tomcat Path Traversal Vulnerability
Details
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.1.37"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "4.1.0"
},
{
"fixed": "4.1.38"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.5.26"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "5.5.0"
},
{
"fixed": "5.5.27"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.16"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.18"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2008-2370"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-09T16:27:03Z",
"nvd_published_at": "2008-08-04T01:41:00Z",
"severity": "MODERATE"
},
"details": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a `RequestDispatcher` is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a `..` (dot dot) in a request parameter.",
"id": "GHSA-m8h8-6rvg-f4mg",
"modified": "2024-02-09T16:27:04Z",
"published": "2022-05-01T23:49:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2008-2370"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201124638/http://secunia.com/advisories/32120"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201124957/http://secunia.com/advisories/31982"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201125002/http://secunia.com/advisories/32266"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201141000/http://secunia.com/advisories/32222"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090207111236/http://secunia.com/advisories/33797"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090225175903/http://secunia.com/advisories/33999"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090228074535/http://secunia.com/advisories/31379"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090228074540/http://secunia.com/advisories/34013"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090308065055/http://secunia.com/advisories/31865"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090811003155/http://secunia.com/advisories/35393"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090828023853/http://secunia.com/advisories/36249"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20100706231759/http://secunia.com/advisories/37460"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110714083521/http://www.securitytracker.com/id?1020623"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20110714174318/http://www.securityfocus.com/bid/30494"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20120719164745/http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20120724210029/http://www.securityfocus.com/bid/31681"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20140723000733/http://secunia.com/advisories/57126"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20150621204350/http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"type": "WEB",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20080827150120/http://securityreason.com/securityalert/4099"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201124618/http://secunia.com/advisories/31381"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201124623/http://secunia.com/advisories/31639"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20090201124633/http://secunia.com/advisories/31891"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3216"
},
{
"type": "WEB",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"type": "WEB",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"type": "WEB",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"type": "WEB",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Apache Tomcat Path Traversal Vulnerability"
}
fkie_cve-2008-2370
Vulnerability from fkie_nvd
Published
2008-08-04 01:41
Modified
2025-04-09 00:30
Severity ?
Summary
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0E300013-0CE7-4313-A553-74A6A247B3E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08D7414-8D0C-45D6-8E87-679DF0201D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AB15C5DB-0DBE-4DAD-ACBD-FAE23F768D01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "60CFD9CA-1878-4C74-A9BD-5D581736E6B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "02860646-1D72-4D9A-AE2A-5868C8EDB3AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE4B9B5-9C2E-47E1-9483-88A17264594F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE92A9B-4B8C-468E-9162-A56ED5313E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AE21D455-5B38-4B07-8E25-4EE782501EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B9AE125C-EB8E-4D33-BB64-1E2AEE18BF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "47588ABB-FCE6-478D-BEAD-FC9A0C7D66DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C92F3744-C8F9-4E29-BF1A-25E03A32F2C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "084B3227-FE22-43E3-AE06-7BB257018690",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DDA1D1-1DB2-4FD6-90A6-7DDE2FDD73F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D2BFF1D5-2E34-4A01-83A7-6AA3A112A1B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6D536FF4-7582-4351-ABE3-876E20F8E7FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1C03E4C9-34E3-42F7-8B73-D3C595FD7EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FB43F47F-5BF9-43A0-BF0E-451B4A8F7137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "DFFFE700-AAFE-4F5B-B0E2-C3DA76DE492D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "11DDD82E-5D83-4581-B2F3-F12655BBF817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0F0C91-171E-421D-BE86-11567DEFC7BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "F22D2621-D305-43CE-B00D-9A7563B061F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "9A5D55E8-D3A3-4784-8AC6-CCB07E470AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4245BA-B05C-49DE-B2E0-1E588209ED3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "8633532B-9785-4259-8840-B08529E20DCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B1D9BD7E-FCC2-404B-A057-1A10997DAFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F935ED72-58F4-49C1-BD9F-5473E0B9D8CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "FADB75DC-8713-4F0C-9F06-30DA6F6EF6B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA52901-2D16-4F7E-BF5E-780B42A55D6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "6A79DA2C-35F3-47DE-909B-8D8D1AE111C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF6952D-6308-4029-8B63-0BD9C648C60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "94941F86-0BBF-4F30-8F13-FB895A11ED69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "17522878-4266-432A-859D-C02096C8AC0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "951FFCD7-EAC2-41E6-A53B-F90C540327E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "BF1F2738-C7D6-4206-9227-43F464887FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "98EEB6F2-A721-45CF-A856-0E01B043C317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "02FDE602-A56A-477E-B704-41AF92EEBB9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "5A28B11A-3BC7-41BC-8970-EE075B029F5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD3E84C-9A2E-4586-A09E-CBDEB1E7F695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "16D0C265-2ED9-42CF-A7D6-C7FAE4246A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3EBD00-1E1E-452D-AFFB-08A6BD111DDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter."
},
{
"lang": "es",
"value": "Apache Tomcat 4.1.0 hasta la 4.1.37, 5.5.0 hasta la 5.5.26 y 6.0.0 hasta la 6.0.16, cuando se utiliza RequestDispatcher, realiza una regularizaci\u00f3n de ruta antes de eliminar la cadena de consulta desde la URI, lo cual permite a atacantes remotos dirigir ataques de salto de directorio y leer archivos arbitrariamente mediante un .. (punto punto) en un parametro request."
}
],
"id": "CVE-2008-2370",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-08-04T01:41:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31379"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31381"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31639"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31865"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31891"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32120"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/32266"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/33797"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/33999"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/34013"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/35393"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/36249"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/37460"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57126"
},
{
"source": "secalert@redhat.com",
"url": "http://securityreason.com/securityalert/4099"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "secalert@redhat.com",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"source": "secalert@redhat.com",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"source": "secalert@redhat.com",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"source": "secalert@redhat.com",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30494"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1020623"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"source": "secalert@redhat.com",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31639"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/36249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/37460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-200808-0011
Vulnerability from variot
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. The following versions are affected: Tomcat 4.1.0 through 4.1.37 Tomcat 5.5.0 through 5.5.26 Tomcat 6.0.0 through 6.0.16 Tomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
CVE-2008-2370: Apache Tomcat information disclosure vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Tomcat 4.1.0 to 4.1.37 Tomcat 5.5.0 to 5.5.26 Tomcat 6.0.0 to 6.0.16 The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected
Description: When using a RequestDispatcher the target path was normalised before the query string was removed. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected by a security constraint or by locating it in under the WEB-INF directory.
Mitigation: 6.0.x users should upgrade to 6.0.18 5.5.x users should obtain the latest source from svn or apply this patch which will be included from 5.5.27 http://svn.apache.org/viewvc?rev=680949&view=rev 4.1.x users should obtain the latest source from svn or apply this patch which will be included from 4.1.38 http://svn.apache.org/viewvc?rev=680950&view=rev
Example: For a page that contains: <% pageContext.forward("/page2.jsp?somepar=someval&par="+request.getParameter("blah")); %> an attacker can use: http://host/page.jsp?blah=/../WEB-INF/web.xml
Credit: This issue was discovered by Stefano Di Paola of Minded Security Research Labs. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01650939 Version: 1
HPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2009-02-02 Last Updated: 2009-02-02
Potential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite.
References: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier HP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0 CVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5 =============================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002.
RESOLUTION
HP has provided the following upgrades to resolve these vulnerabilities. The upgrades are available from the following location: URL: http://software.hp.com
Note: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 and HP-UX Tomcat-based Servlet Engine 5.5.27.01.01
HP-UX Release - B.11.23 and B.11.31 PA-32 Apache Depot name - HPUXWSATW-B302-32.depot
HP-UX Release - B.11.23 and B.11.31 IA-64 Apache Depot name - HPUXWSATW-B302-64.depot
HP-UX Release - B.11.11 PA-32 Apache Depot name - HPUXWSATW-B222-1111.depot
MANUAL ACTIONS: Yes - Update
Install Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
hpuxwsAPACHE.APACHE hpuxwsAPACHE.APACHE2 hpuxwsAPACHE.AUTH_LDAP hpuxwsAPACHE.AUTH_LDAP2 hpuxwsAPACHE.MOD_JK hpuxwsAPACHE.MOD_JK2 hpuxwsAPACHE.MOD_PERL hpuxwsAPACHE.MOD_PERL2 hpuxwsAPACHE.PHP hpuxwsAPACHE.PHP2 hpuxwsAPACHE.WEBPROXY hpuxwsTOMCAT.TOMCAT hpuxwsWEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.23
hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
HP-UX B.11.31
hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 hpuxws22TOMCAT.TOMCAT hpuxws22WEBMIN.WEBMIN
action: install revision B.2.2.8.01.02 or subsequent URL: http://software.hp.com
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 2 February 2009 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key
Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches - check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems - verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
\xa9Copyright 2009 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2009-0016 Synopsis: VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components Issue date: 2009-11-20 Updated on: 2009-11-20 (initial release of advisory) CVE numbers: --- JRE --- CVE-2009-1093 CVE-2009-1094 CVE-2009-1095 CVE-2009-1096 CVE-2009-1097 CVE-2009-1098 CVE-2009-1099 CVE-2009-1100 CVE-2009-1101 CVE-2009-1102 CVE-2009-1103 CVE-2009-1104 CVE-2009-1105 CVE-2009-1106 CVE-2009-1107 CVE-2009-2625 CVE-2009-2670 CVE-2009-2671 CVE-2009-2672 CVE-2009-2673 CVE-2009-2675 CVE-2009-2676 CVE-2009-2716 CVE-2009-2718 CVE-2009-2719 CVE-2009-2720 CVE-2009-2721 CVE-2009-2722 CVE-2009-2723 CVE-2009-2724 --- Tomcat --- CVE-2008-5515 CVE-2009-0033 CVE-2009-0580 CVE-2009-0781 CVE-2009-0783 CVE-2008-1232 CVE-2008-1947 CVE-2008-2370 CVE-2007-5333 CVE-2007-5342 CVE-2007-5461 CVE-2007-6286 CVE-2008-0002 --- ntp --- CVE-2009-1252 CVE-2009-0159 --- kernel --- CVE-2008-3528 CVE-2008-5700 CVE-2009-0028 CVE-2009-0269 CVE-2009-0322 CVE-2009-0675 CVE-2009-0676 CVE-2009-0778 CVE-2008-4307 CVE-2009-0834 CVE-2009-1337 CVE-2009-0787 CVE-2009-1336 CVE-2009-1439 CVE-2009-1633 CVE-2009-1072 CVE-2009-1630 CVE-2009-1192 CVE-2007-5966 CVE-2009-1385 CVE-2009-1388 CVE-2009-1389 CVE-2009-1895 CVE-2009-2406 CVE-2009-2407 CVE-2009-2692 CVE-2009-2698 CVE-2009-0745 CVE-2009-0746 CVE-2009-0747 CVE-2009-0748 CVE-2009-2847 CVE-2009-2848 --- python --- CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 --- bind --- CVE-2009-0696 --- libxml and libxml2 --- CVE-2009-2414 CVE-2009-2416 --- curl -- CVE-2009-2417 --- gnutil --- CVE-2007-2052
- Summary
Updated Java JRE packages and Tomcat packages address several security issues. Updates for the ESX Service Console and vMA include kernel, ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is also updated for ESXi userworlds.
- Relevant releases
vCenter Server 4.0 before Update 1
ESXi 4.0 without patch ESXi400-200911201-UG
ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG, ESX400-200911232-SG, ESX400-200911233-SG, ESX400-200911234-SG, ESX400-200911235-SG, ESX400-200911237-SG, ESX400-200911238-SG
vMA 4.0 before patch 02
- Problem Description
a. JRE Security Update
JRE update to version 1.5.0_20, which addresses multiple security
issues that existed in earlier releases of JRE.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,
CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,
CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,
CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the following names to the security issues fixed in
JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,
CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,
CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,
CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter 4.0 Windows Update 1
VirtualCenter 2.5 Windows affected, patch pending
VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
Server 2.0 any affected, patch pending
Server 1.0 any not affected
ACE any any not affected
Fusion any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2 *
-
vMA JRE is updated to version JRE 1.5.0_21
Notes: These vulnerabilities can be exploited remotely only if the attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the Service Console be isolated from the VM network. Please see http://www.vmware.com/resources/techresources/726 for more information on VMware security best practices. The currently installed version of JRE depends on your patch deployment history.
b. Update Apache Tomcat version to 6.0.20
Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 which addresses multiple security issues that existed in the previous version of Apache Tomcat.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002.
The following table lists what action remediates the vulnerability (column 4) if a solution is available.
VMware Product Running Replace with/ Product Version on Apply Patch ======== ======== ======= ======================= vCenter 4.0 Windows Update 1 VirtualCenter 2.5 Windows affected, patch pending VirtualCenter 2.0.2 Windows affected, patch pending
Workstation any any not affected
Player any any not affected
ACE any Windows not affected
Server 2.x any affected, patch pending Server 1.x any not affected
Fusion any Mac OS/X not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911223-UG ESX 3.5 ESX affected, patch pending ESX 3.0.3 ESX affected, patch pending ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
Notes: These vulnerabilities can be exploited remotely only if the
attacker has access to the Service Console network.
Security best practices provided by VMware recommend that the
Service Console be isolated from the VM network. Please see
http://www.vmware.com/resources/techresources/726 for more
information on VMware security best practices.
The currently installed version of Tomcat depends on
your patch deployment history.
c. Third party library update for ntp.
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the following security issue. Note that the same security issue is present in the ESX Service Console as described in section d. of this advisory.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
The NTP security issue identified by CVE-2009-0159 is not relevant for ESXi 3.5 and ESXi 4.0.
The following table lists what action remediates the vulnerability in this component (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-200911201-UG
ESXi 3.5 ESXi affected, patch pending
ESX 4.0 ESX not affected
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 not affected
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
d. Service Console update for ntp
Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2
The Network Time Protocol (NTP) is used to synchronize a computer's time with a referenced time source.
The Service Console present in ESX is affected by the following security issues.
A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the "ntp" user.
NTP authentication is not enabled by default on the Service Console.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1252 to this issue.
A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the privileges of the user running the ntpq command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-0159 to this issue.
The following table lists what action remediates the vulnerability in the Service Console (column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-200911238-SG
ESX 3.5 ESX affected, patch pending **
ESX 3.0.3 ESX affected, patch pending **
ESX 2.5.5 ESX affected, patch pending **
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not affected by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5.
e. Updated Service Console package kernel
Updated Service Console package kernel addresses the security
issues below.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,
CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,
CVE-2009-0778 to the security issues fixed in kernel
2.6.18-128.1.6.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,
CVE-2009-0787, CVE-2009-1336 to the security issues fixed in
kernel 2.6.18-128.1.10.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,
CVE-2009-1630, CVE-2009-1192 to the security issues fixed in
kernel 2.6.18-128.1.14.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,
CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the
security issues fixed in kernel 2.6.18-128.4.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2692, CVE-2009-2698 to the
security issues fixed in kernel 2.6.18-128.7.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,
CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues
fixed in kernel 2.6.18-164.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911201-UG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 Patch 2 **
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
** vMA is updated to kernel version 2.6.18-164.
f. Updated Service Console package python
Service Console package Python update to version 2.4.3-24.el5.
When the assert() system call was disabled, an input sanitization
flaw was revealed in the Python string object implementation that
led to a buffer overflow. The missing check for negative size values
meant the Python memory allocator could allocate less memory than
expected. This could result in arbitrary code execution with the
Python interpreter's privileges.
Multiple buffer and integer overflow flaws were found in the Python
Unicode string processing and in the Python Unicode and string
object implementations. An attacker could use these flaws to cause
a denial of service.
Multiple integer overflow flaws were found in the Python imageop
module. If a Python application used the imageop module to
process untrusted images, it could cause the application to
disclose sensitive information, crash or, potentially, execute
arbitrary code with the Python interpreter's privileges.
Multiple integer underflow and overflow flaws were found in the
Python snprintf() wrapper implementation. An attacker could use
these flaws to cause a denial of service (memory corruption).
Multiple integer overflow flaws were found in various Python
modules. An attacker could use these flaws to cause a denial of
service.
An integer signedness error, leading to a buffer overflow, was
found in the Python zlib extension module. If a Python application
requested the negative byte count be flushed for a decompression
stream, it could cause the application to crash or, potentially,
execute arbitrary code with the Python interpreter's privileges.
A flaw was discovered in the strxfrm() function of the Python
locale module. Strings generated by this function were not properly
NULL-terminated, which could possibly cause disclosure of data
stored in the memory of a Python application using this function.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721
CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143
CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911235-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Updated Service Console package bind
Service Console package bind updated to version 9.3.6-4.P1.el5
The Berkeley Internet Name Domain (BIND) is an implementation of the
Domain Name System (DNS) protocols. BIND includes a DNS server
(named); a resolver library (routines for applications to use when
interfacing with DNS); and tools for verifying that the DNS server
is operating correctly.
A flaw was found in the way BIND handles dynamic update message
packets containing the "ANY" record type. A remote attacker could
use this flaw to send a specially-crafted dynamic update packet
that could cause named to exit with an assertion failure.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-0696 to this issue.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911237-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Updated Service Console package libxml2
Service Console package libxml2 updated to version 2.6.26-2.1.2.8.
libxml is a library for parsing and manipulating XML files. A
Document Type Definition (DTD) defines the legal syntax (and also
which elements can be used) for certain types of files, such as XML
files.
A stack overflow flaw was found in the way libxml processes the
root XML document element definition in a DTD. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
Multiple use-after-free flaws were found in the way libxml parses
the Notation and Enumeration attribute types. A remote attacker
could provide a specially-crafted XML file, which once opened by a
local, unsuspecting user, would lead to denial of service.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2414 and CVE-2009-2416 to these
issues.
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911234-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
i. Updated Service Console package curl
Service Console package curl updated to version 7.15.5-2.1.el5_3.5
A cURL is affected by the previously published "null prefix attack",
caused by incorrect handling of NULL characters in X.509
certificates. If an attacker is able to get a carefully-crafted
certificate signed by a trusted Certificate Authority, the attacker
could use the certificate during a man-in-the-middle attack and
potentially confuse cURL into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2417 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911232-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
j. Updated Service Console package gnutls
Service Console package gnutil updated to version 1.4.1-3.el5_3.5
A flaw was discovered in the way GnuTLS handles NULL characters in
certain fields of X.509 certificates. If an attacker is able to get
a carefully-crafted certificate signed by a Certificate Authority
trusted by an application using GnuTLS, the attacker could use the
certificate during a man-in-the-middle attack and potentially
confuse the application into accepting it by mistake.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2009-2730 to this issue
The following table lists what action remediates the vulnerability
(column 4) if a solution is available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
vCenter any Windows not applicable
hosted * any any not applicable
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-200911233-SG
ESX 3.5 ESX not affected
ESX 3.0.3 ESX not affected
ESX 2.5.5 ESX not affected
vMA 4.0 RHEL5 Patch 2
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
VMware vCenter Server 4 Update 1
Version 4.0 Update 1 Build Number 208156 Release Date 2009/11/19 Type Product Binaries http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1
VMware vCenter Server 4 and modules File size: 1.8 GB File type: .iso MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5 SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1
VMware vCenter Server 4 and modules File size: 1.5 GB File type: .zip MD5SUM: f843d9c19795eb3bc5a77f5c545468a8 SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c
VMware vSphere Client and Host Update Utility File size: 113.8 MB File type: .exe MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9 SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959
VMware vCenter Converter BootCD File size: 98.8 MB File type: .zip MD5SUM: 3df94eb0e93de76b0389132ada2a3799 SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c
VMware vCenter Converter CLI (Linux) File size: 36.9 MB File type: .tar.gz MD5SUM: 3766097563936ba5e03e87e898f6bd48 SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4
ESXi 4.0 Update 1
ESXi400-200911201-UG
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip md5sum:c6fdd6722d9e5cacb280bdcc2cca0627 sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e http://kb.vmware.com/kb/1014886
NOTE: The three ESXi patches for Firmware, VMware Tools, and the VI Client "C" are contained in a single download file.
ESX 4.0 Update 1
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip md5sum: 68934321105c34dcda4cbeeab36a2b8f sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b http://kb.vmware.com/kb/1014842
To install an individual bulletin use esxupdate with the -b option. esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG -b ESX400-200911233-SG update
- References
CVE numbers --- JRE --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724 --- Tomcat --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002 --- ntp --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159 --- kernel --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848 --- python --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031 --- bind --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 --- libxml and libxml2 --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416 --- curl -- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417 --- gnutil --- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052
- Change log
2009-11-20 VMSA-2009-0016 Initial security advisory after release of vCenter 4.0 Update 1 and ESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/lifecycle/
Copyright 2009 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+ dtoAniXz+9xLskrkPr3oUzAcDeV729WG =wSRz -----END PGP SIGNATURE----- .
Affected Products
The WiKID Strong Authentication Server - Enterprise Edition The WiKID Strong Authentication Server - Community Edition
References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286
Mitigation
Commercial users may download the most recent RPMs from the website: http://www.wikidsystems.com/downloads/
Users of the open source community version may download packages from Sourceforge: https://sourceforge.net/project/showfiles.php?group_id=144774
Nick Owen WiKID Systems, Inc. 404-962-8983 (desk) http://www.wikidsystems.com Two-factor authentication, without the hassle factor. References
Tomcat release notes tomcat.apache.org/security-5.html
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370
A cross-site scripting vulnerability was found in the HttpServletResponse.sendError() method which could allow a remote attacker to inject arbitrary web script or HTML via forged HTTP headers (CVE-2008-1232).
A cross-site scripting vulnerability was found in the host manager application that could allow a remote attacker to inject arbitrary web script or HTML via the hostname parameter (CVE-2008-1947).
A traversal vulnerability was found when the 'allowLinking' and 'URIencoding' settings were actived which could allow a remote attacker to use a UTF-8-encoded request to extend their privileges and obtain local files accessible to the Tomcat process (CVE-2008-2938).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938
Updated Packages:
Mandriva Linux 2008.0: 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm
Mandriva Linux 2008.1: 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64: 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8 j+sCdAEJN0CXvurmFcjUvNU= =+kFf -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/
TITLE: Nucleus XML-RPC PHP Code Execution Vulnerability
SECUNIA ADVISORY ID: SA15895
VERIFY ADVISORY: http://secunia.com/advisories/15895/
CRITICAL: Highly critical
IMPACT: System access
WHERE:
From remote
SOFTWARE: Nucleus 3.x http://secunia.com/product/3699/
DESCRIPTION: A vulnerability has been reported in Nucleus, which can be exploited by malicious people to compromise a vulnerable system. http://sourceforge.net/project/showfiles.php?group_id=66479
OTHER REFERENCES: SA15852: http://secunia.com/advisories/15852/
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. HP has updated the Apache Tomcat and Oracle database software to address vulnerabilities affecting confidentiality, availability, and integrity. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.9,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "5.5.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "virtualcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "2.5"
},
{
"model": "vcenter",
"scope": "eq",
"trust": 1.1,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "4.1.1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "drupal",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gentoo linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mandriva",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "pear xml rpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpxmlrpc",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "postnuke",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "serendipity",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "trustix secure linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ubuntu linux",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "wordpress",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "xoops",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "phpmyfaq",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "4.1.0 to 4.1.37 version"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "5.5.0 to 5.5.26 version"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 to 6.0.16 version"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "esx",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "server",
"scope": "eq",
"trust": 0.8,
"vendor": "vmware",
"version": "2.x"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.5"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86)"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3 (x86-64)"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(sparc)"
},
{
"model": "opensolaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "(x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "10 (x86)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (sparc)"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.8,
"vendor": "sun microsystems",
"version": "9 (x86)"
},
{
"model": "hp xp p9000 performance advisor software",
"scope": "lt",
"trust": 0.8,
"vendor": "hewlett packard",
"version": "5.4.1"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (server)"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5.0 (client)"
},
{
"model": "rhel desktop workstation",
"scope": "eq",
"trust": 0.8,
"vendor": "red hat",
"version": "5 (client)"
},
{
"model": "webotx application server",
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage studio",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systems wikid server",
"scope": "eq",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.4"
},
{
"model": "virtualcenter 2.5.update build",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "31"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.55"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.52"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.51"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.25"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.24"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.23"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.22"
},
{
"model": "virtualcenter update",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.21"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.2"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0.1"
},
{
"model": "server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "2.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.3"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.2"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0.1"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.0"
},
{
"model": "esx server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "3.5"
},
{
"model": "linux enterprise server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "10"
},
{
"model": "solaris 9 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 9 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 x86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "solaris 10 sparc",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 99",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 96",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 95",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 92",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 91",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 90",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 89",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 88",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 87",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 86",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 85",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 84",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 83",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 82",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 81",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 80",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 78",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 77",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 76",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 68",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 67",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 64",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 61",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 59",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 57",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 50",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 39",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 36",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 29",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 22",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 19",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 13",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensolaris build snv 100",
"scope": null,
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "11.0"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.3"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "10.2"
},
{
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0.1"
},
{
"model": "red hat network satellite server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.0"
},
{
"model": "red hat network satellite (for rhel",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4)5.1"
},
{
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "jboss enterprise application platform el4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "jboss enterprise application platform .cp03",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "enterprise linux desktop workstation client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux desktop client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "developer suite as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3"
},
{
"model": "certificate server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "application server ws4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "application server es4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "application server as4",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "pardus",
"version": "20080"
},
{
"model": "zenworks linux management",
"scope": "eq",
"trust": 0.3,
"vendor": "novell",
"version": "7.3"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.1"
},
{
"model": "linux mandrake x86 64",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "linux mandrake",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "2008.0"
},
{
"model": "xp p9000 performance advisor",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "5.4.1"
},
{
"model": "hp-ux b.11.31",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "hp-ux b.11.11",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage studio enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage business application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.0"
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage apworks modelers-j edition 6.0a",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage apworks modelers-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server standard-j edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage application server standard-j edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server plus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server plus",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.1"
},
{
"model": "interstage application server enterprise edition a",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "9.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.2"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "8.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0.1"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "7.0"
},
{
"model": "interstage application server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "fujitsu",
"version": "6.0"
},
{
"model": "meeting exchange enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0.0.52"
},
{
"model": "meeting exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "5.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.6"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.5"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.4"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1.3"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.2"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "4.0"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.1"
},
{
"model": "aura application enablement services",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "3.0"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "5.5"
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.9"
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "4.1"
},
{
"model": "ode",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.2"
},
{
"model": "ode",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.0"
},
{
"model": "systems wikid server",
"scope": "ne",
"trust": 0.3,
"vendor": "wikid",
"version": "3.0.5"
},
{
"model": "virtualcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "2.56"
},
{
"model": "vcenter update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "4.01"
},
{
"model": "opensolaris build snv 101",
"scope": "ne",
"trust": 0.3,
"vendor": "sun",
"version": null
},
{
"model": "jboss enterprise application platform .cp04",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "4.2"
},
{
"model": "xp p9000 performance advisor",
"scope": "ne",
"trust": 0.3,
"vendor": "hp",
"version": "5.5.1"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "5.5.27"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "4.1.38"
},
{
"model": "ode",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "1.3.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:esx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:vcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:vmware:virtualcenter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:opensolaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sun:solaris",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\u0026#65279;Stefano Di Paola",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
},
"cve": "CVE-2008-2370",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2008-2370",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-2370",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#442845",
"trust": 0.8,
"value": "20.75"
},
{
"author": "NVD",
"id": "CVE-2008-2370",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-030",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-2370",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter. A vulnerability in a common PHP extension module could allow a remote attacker to execute code on a vulnerable system. Apache Tomcat is prone to a remote information-disclosure vulnerability. \nRemote attackers can exploit this issue to obtain the contents of sensitive files stored on the server. Information obtained may lead to further attacks. \nThe following versions are affected:\nTomcat 4.1.0 through 4.1.37\nTomcat 5.5.0 through 5.5.26\nTomcat 6.0.0 through 6.0.16\nTomcat 3.x, 4.0.x, and 5.0.x may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nCVE-2008-2370: Apache Tomcat information disclosure vulnerability\n\nSeverity: Important\n\nVendor:\nThe Apache Software Foundation\n\nVersions Affected:\nTomcat 4.1.0 to 4.1.37\nTomcat 5.5.0 to 5.5.26\nTomcat 6.0.0 to 6.0.16\nThe unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected\n\nDescription:\nWhen using a RequestDispatcher the target path was normalised before the\nquery string was removed. A request that included a specially crafted\nrequest parameter could be used to access content that would otherwise be\nprotected by a security constraint or by locating it in under the WEB-INF\ndirectory. \n\nMitigation:\n6.0.x users should upgrade to 6.0.18\n5.5.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 5.5.27\nhttp://svn.apache.org/viewvc?rev=680949\u0026view=rev\n4.1.x users should obtain the latest source from svn or apply this patch\nwhich will be included from 4.1.38\nhttp://svn.apache.org/viewvc?rev=680950\u0026view=rev\n\nExample:\nFor a page that contains:\n\u003c%\npageContext.forward(\"/page2.jsp?somepar=someval\u0026par=\"+request.getParameter(\"blah\"));\n%\u003e\nan attacker can use:\nhttp://host/page.jsp?blah=/../WEB-INF/web.xml\n\nCredit:\nThis issue was discovered by \ufeffStefano Di Paola of Minded Security Research\nLabs. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c01650939\nVersion: 1\n\nHPSBUX02401 SSRT090005 rev.1 - HP-UX Running Apache Web Server Suite, Remote Denial of Service (DoS), Cross-site Scripting (XSS), Execution of Arbitrary Code, Cross-Site Request Forgery (CSRF)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2009-02-02\nLast Updated: 2009-02-02\n\nPotential Security Impact: Remote Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, cross-site request forgery (CSRF)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX running Apache-based Web Server or Tomcat-based Servelet Engine. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS), execution of arbitrary code, or cross-site request forgery (CSRF). Apache-based Web Server and Tomcat-based Servelet Engine are contained in the Apache Web Server Suite. \n\nReferences: CVE-2007-6420, CVE-2008-1232, CVE-2008-1947, CVE-2008-2364, CVE-2008-2370, CVE-2008-2938, CVE-2008-2939, CVE-2008-3658\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23 and B.11.31 running Apache-based Web Server v2.2.8.01.01 or earlier or Tomcat-based Servelet Engine v5.5.27.01.01 or earlier \nHP-UX B.11.11 running Apache-based Web Server v2.2.8.01.01 or earlier \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics \n===============================================\nReference Base Vector Base Score \nCVE-2007-6420 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1232 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-1947 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2364 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2370 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 5.0\nCVE-2008-2938 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-2939 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2008-3658 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 7.5\n===============================================\nInformation on CVSS is documented in HP Customer Notice: HPSN-2008-002. \n \nRESOLUTION\n\nHP has provided the following upgrades to resolve these vulnerabilities. \nThe upgrades are available from the following location: \nURL: http://software.hp.com \n\nNote: HP-UX Web Server Suite v.3.02 contains HP-UX Apache-based Web Server v.2.2.8.01.02 \nand HP-UX Tomcat-based Servlet Engine 5.5.27.01.01 \n\nHP-UX Release - B.11.23 and B.11.31 PA-32\nApache Depot name - HPUXWSATW-B302-32.depot\n \nHP-UX Release - B.11.23 and B.11.31 IA-64\nApache Depot name - HPUXWSATW-B302-64.depot\n \nHP-UX Release - B.11.11 PA-32\nApache Depot name - HPUXWSATW-B222-1111.depot\n \n\nMANUAL ACTIONS: Yes - Update \n\nInstall Apache-based Web Server or Tomcat-based Servelet Engine from the Apache Web Server Suite v3.02 or subsequent \n\nPRODUCT SPECIFIC INFORMATION \n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa \n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS \n\nHP-UX B.11.11 \n================== \nhpuxwsAPACHE.APACHE \nhpuxwsAPACHE.APACHE2 \nhpuxwsAPACHE.AUTH_LDAP \nhpuxwsAPACHE.AUTH_LDAP2 \nhpuxwsAPACHE.MOD_JK \nhpuxwsAPACHE.MOD_JK2 \nhpuxwsAPACHE.MOD_PERL \nhpuxwsAPACHE.MOD_PERL2 \nhpuxwsAPACHE.PHP \nhpuxwsAPACHE.PHP2 \nhpuxwsAPACHE.WEBPROXY \nhpuxwsTOMCAT.TOMCAT \nhpuxwsWEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.23 \n================== \nhpuxws22APCH32.APACHE \nhpuxws22APCH32.APACHE2 \nhpuxws22APCH32.AUTH_LDAP \nhpuxws22APCH32.AUTH_LDAP2 \nhpuxws22APCH32.MOD_JK \nhpuxws22APCH32.MOD_JK2 \nhpuxws22APCH32.MOD_PERL \nhpuxws22APCH32.MOD_PERL2 \nhpuxws22APCH32.PHP \nhpuxws22APCH32.PHP2 \nhpuxws22APCH32.WEBPROXY \nhpuxws22APCH32.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nHP-UX B.11.31 \n================== \nhpuxws22APACHE.APACHE \nhpuxws22APACHE.APACHE2 \nhpuxws22APACHE.AUTH_LDAP \nhpuxws22APACHE.AUTH_LDAP2 \nhpuxws22APACHE.MOD_JK \nhpuxws22APACHE.MOD_JK2 \nhpuxws22APACHE.MOD_PERL \nhpuxws22APACHE.MOD_PERL2 \nhpuxws22APACHE.PHP \nhpuxws22APACHE.PHP2 \nhpuxws22APACHE.WEBPROXY \nhpuxws22APACHE.WEBPROXY2 \nhpuxws22TOMCAT.TOMCAT \nhpuxws22WEBMIN.WEBMIN \n\naction: install revision B.2.2.8.01.02 or subsequent \nURL: http://software.hp.com \n\nEND AFFECTED VERSIONS \n\nHISTORY \nVersion:1 (rev.1) 2 February 2009 Initial release \n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com \nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com \n Subject: get key\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email: \nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC \nOn the web page: ITRC security bulletins and patch sign-up \nUnder Step1: your ITRC security bulletins and patches \n - check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems \n - verify your operating system selections are checked and save. \n\n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php \nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do \n\n\n* The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title: \n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n \nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\n\\xa9Copyright 2009 Hewlett-Packard Development Company, L.P. \n\nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -----------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2009-0016\nSynopsis: VMware vCenter and ESX update release and vMA patch\n release address multiple security issue in third\n party components\nIssue date: 2009-11-20\nUpdated on: 2009-11-20 (initial release of advisory)\nCVE numbers: --- JRE ---\n CVE-2009-1093 CVE-2009-1094 CVE-2009-1095\n CVE-2009-1096 CVE-2009-1097 CVE-2009-1098\n CVE-2009-1099 CVE-2009-1100 CVE-2009-1101\n CVE-2009-1102 CVE-2009-1103 CVE-2009-1104\n CVE-2009-1105 CVE-2009-1106 CVE-2009-1107\n CVE-2009-2625 CVE-2009-2670 CVE-2009-2671\n CVE-2009-2672 CVE-2009-2673 CVE-2009-2675\n CVE-2009-2676 CVE-2009-2716 CVE-2009-2718\n CVE-2009-2719 CVE-2009-2720 CVE-2009-2721\n CVE-2009-2722 CVE-2009-2723 CVE-2009-2724\n --- Tomcat ---\n CVE-2008-5515 CVE-2009-0033 CVE-2009-0580\n CVE-2009-0781 CVE-2009-0783 CVE-2008-1232\n CVE-2008-1947 CVE-2008-2370 CVE-2007-5333\n CVE-2007-5342 CVE-2007-5461 CVE-2007-6286\n CVE-2008-0002\n --- ntp ---\n CVE-2009-1252 CVE-2009-0159\n --- kernel ---\n CVE-2008-3528 CVE-2008-5700 CVE-2009-0028\n CVE-2009-0269 CVE-2009-0322 CVE-2009-0675\n CVE-2009-0676 CVE-2009-0778 CVE-2008-4307\n CVE-2009-0834 CVE-2009-1337 CVE-2009-0787\n CVE-2009-1336 CVE-2009-1439 CVE-2009-1633\n CVE-2009-1072 CVE-2009-1630 CVE-2009-1192\n CVE-2007-5966 CVE-2009-1385 CVE-2009-1388\n CVE-2009-1389 CVE-2009-1895 CVE-2009-2406\n CVE-2009-2407 CVE-2009-2692 CVE-2009-2698\n CVE-2009-0745 CVE-2009-0746 CVE-2009-0747\n CVE-2009-0748 CVE-2009-2847 CVE-2009-2848\n --- python ---\n CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142\n CVE-2008-3143 CVE-2008-3144 CVE-2008-4864\n CVE-2008-5031\n --- bind ---\n CVE-2009-0696\n --- libxml and libxml2 ---\n CVE-2009-2414 CVE-2009-2416\n --- curl --\n CVE-2009-2417\n --- gnutil ---\n CVE-2007-2052\n- -----------------------------------------------------------------------\n\n1. Summary\n\n Updated Java JRE packages and Tomcat packages address several security\n issues. Updates for the ESX Service Console and vMA include kernel,\n ntp, Python, bind libxml, libxml2, curl and gnutil packages. ntp is\n also updated for ESXi userworlds. \n\n2. Relevant releases\n\n vCenter Server 4.0 before Update 1\n\n ESXi 4.0 without patch ESXi400-200911201-UG\n\n ESX 4.0 without patches ESX400-200911201-UG, ESX400-200911223-UG,\n ESX400-200911232-SG, ESX400-200911233-SG,\n ESX400-200911234-SG, ESX400-200911235-SG,\n ESX400-200911237-SG, ESX400-200911238-SG\n\n vMA 4.0 before patch 02\n\n3. Problem Description\n\n a. JRE Security Update\n\n JRE update to version 1.5.0_20, which addresses multiple security\n issues that existed in earlier releases of JRE. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095,\n CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099,\n CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103,\n CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671,\n CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676,\n CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720,\n CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n Server 2.0 any affected, patch pending\n Server 1.0 any not affected\n\n ACE any any not affected\n\n Fusion any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2 *\n\n * vMA JRE is updated to version JRE 1.5.0_21\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of JRE depends on your patch\n deployment history. \n\n\n b. Update Apache Tomcat version to 6.0.20\n\n Update for VirtualCenter and ESX patch update the Tomcat package to\n version 6.0.20 which addresses multiple security issues that existed\n in the previous version of Apache Tomcat. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.20: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580,\n CVE-2009-0781, CVE-2009-0783. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org) has\n assigned the following names to the security issues fixed in\n Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461,\n CVE-2007-6286, CVE-2008-0002. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ======== ======== ======= =======================\n vCenter 4.0 Windows Update 1\n VirtualCenter 2.5 Windows affected, patch pending\n VirtualCenter 2.0.2 Windows affected, patch pending\n\n Workstation any any not affected\n\n Player any any not affected\n\n ACE any Windows not affected\n\n Server 2.x any affected, patch pending\n Server 1.x any not affected\n\n Fusion any Mac OS/X not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911223-UG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n Notes: These vulnerabilities can be exploited remotely only if the\n attacker has access to the Service Console network. \n\n Security best practices provided by VMware recommend that the\n Service Console be isolated from the VM network. Please see\n http://www.vmware.com/resources/techresources/726 for more\n information on VMware security best practices. \n\n The currently installed version of Tomcat depends on\n your patch deployment history. \n\n c. Third party library update for ntp. \n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n ESXi 3.5 and ESXi 4.0 have a ntp client that is affected by the\n following security issue. Note that the same security issue is\n present in the ESX Service Console as described in section d. of\n this advisory. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n The NTP security issue identified by CVE-2009-0159 is not relevant\n for ESXi 3.5 and ESXi 4.0. \n\n The following table lists what action remediates the vulnerability\n in this component (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-200911201-UG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX 4.0 ESX not affected\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 not affected\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n d. Service Console update for ntp\n\n Service Console package ntp updated to version ntp-4.2.2pl-9.el5_3.2\n\n The Network Time Protocol (NTP) is used to synchronize a computer\u0027s\n time with a referenced time source. \n\n The Service Console present in ESX is affected by the following\n security issues. \n\n A buffer overflow flaw was discovered in the ntpd daemon\u0027s NTPv4\n authentication code. If ntpd was configured to use public key\n cryptography for NTP packet authentication, a remote attacker could\n use this flaw to send a specially-crafted request packet that could\n crash ntpd or, potentially, execute arbitrary code with the\n privileges of the \"ntp\" user. \n\n NTP authentication is not enabled by default on the Service Console. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1252 to this issue. \n\n A buffer overflow flaw was found in the ntpq diagnostic command. A\n malicious, remote server could send a specially-crafted reply to an\n ntpq request that could crash ntpq or, potentially, execute\n arbitrary code with the privileges of the user running the ntpq\n command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-0159 to this issue. \n\n The following table lists what action remediates the vulnerability\n in the Service Console (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-200911238-SG\n ESX 3.5 ESX affected, patch pending **\n ESX 3.0.3 ESX affected, patch pending **\n ESX 2.5.5 ESX affected, patch pending **\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** The service consoles of ESX 2.5.5, ESX 3.0.3 and ESX 3.5 are not\naffected\n by CVE-2009-1252. The security issue identified by CVE-2009-0159 has a\n low impact on the service console of ESX 2.5.5, ESX 3.0.3 and ESX 3.5. \n\n e. Updated Service Console package kernel\n\n Updated Service Console package kernel addresses the security\n issues below. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-3528, CVE-2008-5700, CVE-2009-0028,\n CVE-2009-0269, CVE-2009-0322, CVE-2009-0675, CVE-2009-0676,\n CVE-2009-0778 to the security issues fixed in kernel\n 2.6.18-128.1.6. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2008-4307, CVE-2009-0834, CVE-2009-1337,\n CVE-2009-0787, CVE-2009-1336 to the security issues fixed in\n kernel 2.6.18-128.1.10. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-1439, CVE-2009-1633, CVE-2009-1072,\n CVE-2009-1630, CVE-2009-1192 to the security issues fixed in\n kernel 2.6.18-128.1.14. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-5966, CVE-2009-1385, CVE-2009-1388,\n CVE-2009-1389, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407 to the\n security issues fixed in kernel 2.6.18-128.4.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2692, CVE-2009-2698 to the\n security issues fixed in kernel 2.6.18-128.7.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-0745, CVE-2009-0746, CVE-2009-0747,\n CVE-2009-0748, CVE-2009-2847, CVE-2009-2848 to the security issues\n fixed in kernel 2.6.18-164. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911201-UG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 Patch 2 **\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n ** vMA is updated to kernel version 2.6.18-164. \n\n f. Updated Service Console package python\n\n Service Console package Python update to version 2.4.3-24.el5. \n\n When the assert() system call was disabled, an input sanitization\n flaw was revealed in the Python string object implementation that\n led to a buffer overflow. The missing check for negative size values\n meant the Python memory allocator could allocate less memory than\n expected. This could result in arbitrary code execution with the\n Python interpreter\u0027s privileges. \n\n Multiple buffer and integer overflow flaws were found in the Python\n Unicode string processing and in the Python Unicode and string\n object implementations. An attacker could use these flaws to cause\n a denial of service. \n\n Multiple integer overflow flaws were found in the Python imageop\n module. If a Python application used the imageop module to\n process untrusted images, it could cause the application to\n disclose sensitive information, crash or, potentially, execute\n arbitrary code with the Python interpreter\u0027s privileges. \n\n Multiple integer underflow and overflow flaws were found in the\n Python snprintf() wrapper implementation. An attacker could use\n these flaws to cause a denial of service (memory corruption). \n\n Multiple integer overflow flaws were found in various Python\n modules. An attacker could use these flaws to cause a denial of\n service. \n\n An integer signedness error, leading to a buffer overflow, was\n found in the Python zlib extension module. If a Python application\n requested the negative byte count be flushed for a decompression\n stream, it could cause the application to crash or, potentially,\n execute arbitrary code with the Python interpreter\u0027s privileges. \n\n A flaw was discovered in the strxfrm() function of the Python\n locale module. Strings generated by this function were not properly\n NULL-terminated, which could possibly cause disclosure of data\n stored in the memory of a Python application using this function. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-2052 CVE-2007-4965 CVE-2008-1721\n CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143\n CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 to these issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911235-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Updated Service Console package bind\n\n Service Console package bind updated to version 9.3.6-4.P1.el5\n\n The Berkeley Internet Name Domain (BIND) is an implementation of the\n Domain Name System (DNS) protocols. BIND includes a DNS server\n (named); a resolver library (routines for applications to use when\n interfacing with DNS); and tools for verifying that the DNS server\n is operating correctly. \n\n A flaw was found in the way BIND handles dynamic update message\n packets containing the \"ANY\" record type. A remote attacker could\n use this flaw to send a specially-crafted dynamic update packet\n that could cause named to exit with an assertion failure. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-0696 to this issue. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911237-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Updated Service Console package libxml2\n\n Service Console package libxml2 updated to version 2.6.26-2.1.2.8. \n\n libxml is a library for parsing and manipulating XML files. A\n Document Type Definition (DTD) defines the legal syntax (and also\n which elements can be used) for certain types of files, such as XML\n files. \n\n A stack overflow flaw was found in the way libxml processes the\n root XML document element definition in a DTD. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n Multiple use-after-free flaws were found in the way libxml parses\n the Notation and Enumeration attribute types. A remote attacker\n could provide a specially-crafted XML file, which once opened by a\n local, unsuspecting user, would lead to denial of service. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2414 and CVE-2009-2416 to these\n issues. \n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911234-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n i. Updated Service Console package curl\n\n Service Console package curl updated to version 7.15.5-2.1.el5_3.5\n\n A cURL is affected by the previously published \"null prefix attack\",\n caused by incorrect handling of NULL characters in X.509\n certificates. If an attacker is able to get a carefully-crafted\n certificate signed by a trusted Certificate Authority, the attacker\n could use the certificate during a man-in-the-middle attack and\n potentially confuse cURL into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2417 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911232-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n j. Updated Service Console package gnutls\n\n Service Console package gnutil updated to version 1.4.1-3.el5_3.5\n\n A flaw was discovered in the way GnuTLS handles NULL characters in\n certain fields of X.509 certificates. If an attacker is able to get\n a carefully-crafted certificate signed by a Certificate Authority\n trusted by an application using GnuTLS, the attacker could use the\n certificate during a man-in-the-middle attack and potentially\n confuse the application into accepting it by mistake. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the name CVE-2009-2730 to this issue\n\n The following table lists what action remediates the vulnerability\n (column 4) if a solution is available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n vCenter any Windows not applicable\n\n hosted * any any not applicable\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-200911233-SG\n ESX 3.5 ESX not affected\n ESX 3.0.3 ESX not affected\n ESX 2.5.5 ESX not affected\n\n vMA 4.0 RHEL5 Patch 2\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n\n VMware vCenter Server 4 Update 1\n --------------------------------\n Version 4.0 Update 1\n Build Number 208156\n Release Date 2009/11/19\n Type Product Binaries\n http://downloads.vmware.com/download/download.do?downloadGroup=VC40U1\n\n VMware vCenter Server 4 and modules\n File size: 1.8 GB\n File type: .iso\n MD5SUM: 057d55b32eb27fe5f3e01bc8d3df3bc5\n SHA1SUM: c90134418c2e4d3d6637d8bee44261300ad95ec1\n\n VMware vCenter Server 4 and modules\n File size: 1.5 GB\n File type: .zip\n MD5SUM: f843d9c19795eb3bc5a77f5c545468a8\n SHA1SUM: 9a7abd8e70bd983151e2ee40e1b3931525c4480c\n\n VMware vSphere Client and Host Update Utility\n File size: 113.8 MB\n File type: .exe\n MD5SUM: 6cc6b2c958e7e9529c284e48dfae22a9\n SHA1SUM: f4c19c63a75d93cffc57b170066358160788c959\n\n VMware vCenter Converter BootCD\n File size: 98.8 MB\n File type: .zip\n MD5SUM: 3df94eb0e93de76b0389132ada2a3799\n SHA1SUM: 5d7c04e4f9f8ae25adc8de5963fefd8a4c92464c\n\n VMware vCenter Converter CLI (Linux)\n File size: 36.9 MB\n File type: .tar.gz\n MD5SUM: 3766097563936ba5e03e87e898f6bd48\n SHA1SUM: 36d485bdb5eb279296ce8c8523df04bfb12a2cb4\n\n\n ESXi 4.0 Update 1\n -----------------\n ESXi400-200911201-UG\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-155-20091116-013169/ESXi-4.0.0-update01.zip\n md5sum:c6fdd6722d9e5cacb280bdcc2cca0627\n sha1sum:de9d4875f86b6493f9da991a8cff37784215db2e\n http://kb.vmware.com/kb/1014886\n\n NOTE: The three ESXi patches for Firmware, VMware Tools, and the\n VI Client \"C\" are contained in a single download file. \n\n\n ESX 4.0 Update 1\n ----------------\n\nhttps://hostupdate.vmware.com/software/VUM/OFFLINE/release-158-20091118-187517/ESX-4.0.0-update01.zip\n md5sum: 68934321105c34dcda4cbeeab36a2b8f\n sha1sum: 0d8ae58cf9143d5c7113af9692dea11ed2dd864b\n http://kb.vmware.com/kb/1014842\n\n To install an individual bulletin use esxupdate with the -b option. \n esxupdate --bundle=ESX-4.0.0-update01.zip -b ESX400-200911223-UG\n -b ESX400-200911238-SG -b ESX400-200911201-UG -b ESX400-200911235-SG\n -b ESX400-200911237-SG -b ESX400-200911234-SG -b ESX400-200911232-SG\n -b ESX400-200911233-SG update\n\n\n5. References\n\n CVE numbers\n --- JRE ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1093\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1095\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1096\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1098\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1099\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1100\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1101\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1104\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1105\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1106\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1107\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2670\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2671\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2672\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2673\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2716\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2718\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2719\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2720\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2722\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2723\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2724\n --- Tomcat ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5515\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0580\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0781\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0783\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0002\n --- ntp ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0159\n --- kernel ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3528\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5700\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0269\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0322\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0675\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0778\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4307\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0834\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1337\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0787\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1336\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1633\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1072\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1630\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1192\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5966\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1385\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1389\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1895\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2406\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2407\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2698\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0745\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0746\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0747\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0748\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2847\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2848\n --- python ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4965\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1721\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1887\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2315\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3142\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4864\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5031\n --- bind ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696\n --- libxml and libxml2 ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2414\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2416\n --- curl --\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2417\n --- gnutil ---\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2052\n\n\n- ------------------------------------------------------------------------\n6. Change log\n\n2009-11-20 VMSA-2009-0016\nInitial security advisory after release of vCenter 4.0 Update 1 and\nESX 4.0 Update 1 on 2009-11-19 and release of vMA Patch 2 on 2009-11-23. \n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/lifecycle/\n\nCopyright 2009 VMware Inc. All rights reserved. \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.11 (GNU/Linux)\nComment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\n\niEYEARECAAYFAksHAooACgkQS2KysvBH1xmQMACfTEcnuPanvucXPmgJCTT054o+\ndtoAniXz+9xLskrkPr3oUzAcDeV729WG\n=wSRz\n-----END PGP SIGNATURE-----\n. \n\n\nAffected Products\n=================\nThe WiKID Strong Authentication Server - Enterprise Edition\nThe WiKID Strong Authentication Server - Community Edition\n\nReferences\n==========\n\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5333\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6286\n\nMitigation\n==========\n\nCommercial users may download the most recent RPMs from the website:\nhttp://www.wikidsystems.com/downloads/\n\nUsers of the open source community version may download packages from\nSourceforge:\nhttps://sourceforge.net/project/showfiles.php?group_id=144774\n\n\n\n- --\nNick Owen\nWiKID Systems, Inc. \n404-962-8983 (desk)\nhttp://www.wikidsystems.com\nTwo-factor authentication, without the hassle factor. References\n\n Tomcat release notes\n tomcat.apache.org/security-5.html\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n\n- - ------------------------------------------------------------------------\n6. \n \n A cross-site scripting vulnerability was found in the\n HttpServletResponse.sendError() method which could allow a remote\n attacker to inject arbitrary web script or HTML via forged HTTP headers\n (CVE-2008-1232). \n \n A cross-site scripting vulnerability was found in the host manager\n application that could allow a remote attacker to inject arbitrary\n web script or HTML via the hostname parameter (CVE-2008-1947). \n \n A traversal vulnerability was found when the \u0027allowLinking\u0027 and\n \u0027URIencoding\u0027 settings were actived which could allow a remote attacker\n to use a UTF-8-encoded request to extend their privileges and obtain\n local files accessible to the Tomcat process (CVE-2008-2938). \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5342\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1232\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1947\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2370\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2938\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 56ca5eb3e331c6675634a5e3f3c5afd7 2008.0/i586/tomcat5-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a1c688654decf045f80fb6d8978c73fa 2008.0/i586/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 2b7a97313ece05bbd5596045853cfca0 2008.0/i586/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n e8384332efad0e2317a646241bece6ee 2008.0/i586/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n a30cc8061f55f2613c517574263cdd21 2008.0/i586/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 4f4a12c8479f27c7f9ed877f5821afa3 2008.0/i586/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n ced904c459478c1123ed5da41dddbd7f 2008.0/i586/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 183e045a9b44747c7a4adaec5c860441 2008.0/i586/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 78af5a5788ac359a99a24f03a39c7b94 2008.0/i586/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 8e8569bfab5abef912299b9b751e49e9 2008.0/i586/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.i586.rpm\n 6899c327906423cdd02b930221c2496e 2008.0/i586/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.i586.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n c4d1c4471c29d8cd34adb9f2002ef294 2008.0/x86_64/tomcat5-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2caf09173a64a378636496196d99756f 2008.0/x86_64/tomcat5-admin-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n d6a9a290638267a1117a55041986d31a 2008.0/x86_64/tomcat5-common-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 2eead87d72af58ddc9e934b55e49a1aa 2008.0/x86_64/tomcat5-jasper-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 0fab26f89e83c882c5948a430bf82c8b 2008.0/x86_64/tomcat5-jasper-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 833334424b555a77e2a9951b71ed8fa3 2008.0/x86_64/tomcat5-jsp-2.0-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 115561d6233c3890cf3b85a7599ed03b 2008.0/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n eccf76ede6fb9256a2b52c861a9b0bb3 2008.0/x86_64/tomcat5-server-lib-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n cd9df1a8a1a5cb3216221bdefdfe8476 2008.0/x86_64/tomcat5-servlet-2.4-api-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n f7440a4111ec2fd30fa32e4bd74a0a20 2008.0/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm\n 1464eb297888c4df98d8b7eabe7f0197 2008.0/x86_64/tomcat5-webapps-5.5.23-9.2.10.2mdv2008.0.x86_64.rpm \n 39fd3985d73f2f20efe4ed97c2a5e7c7 2008.0/SRPMS/tomcat5-5.5.23-9.2.10.2mdv2008.0.src.rpm\n\n Mandriva Linux 2008.1:\n 594abdc70bc430657eb831520926c73f 2008.1/i586/tomcat5-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n bdec2b83b4fdb4d10a01a65fbdac512d 2008.1/i586/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3dbc007722996d1c36f31642f80b5c2a 2008.1/i586/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 04b23d162d13f84d1d8707646ea9148c 2008.1/i586/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 602bf7d4ff261e8af20d50b9e76634bb 2008.1/i586/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 0066e7519a2d3478f0a3e70bd95a7e5b 2008.1/i586/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 1ba4743762cfa4594a27f0393de47823 2008.1/i586/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 262f2a39b800562cef36d724ce3efa35 2008.1/i586/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n b9f2af35a734d0e3a2d9bfe292aaced1 2008.1/i586/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 8307ef374c5b995feac394b6f27474d5 2008.1/i586/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 3f4692170c35f992defcb4111a8133cd 2008.1/i586/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.i586.rpm\n 02b9d28af879b825754eff6199bf1788 2008.1/i586/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.i586.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6b1e03e5206eb262970198dccba7d0a3 2008.1/x86_64/tomcat5-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 930cf38058a0f8902e2741c6512e0aa0 2008.1/x86_64/tomcat5-admin-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n c527521cb93bab31df3f91422faf02a6 2008.1/x86_64/tomcat5-common-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n f8bef98047ef956c8e4c0f877155e1f1 2008.1/x86_64/tomcat5-jasper-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 97a8a59178259d26838ce20c176c459a 2008.1/x86_64/tomcat5-jasper-eclipse-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 3bb885debc8576bd305c9fa4c9d25bfb 2008.1/x86_64/tomcat5-jasper-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 66dcf08e163fdaaf81992a7d25d84a20 2008.1/x86_64/tomcat5-jsp-2.0-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n dd92aab81bf4c75ab30b9b82153b24c0 2008.1/x86_64/tomcat5-jsp-2.0-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 517ed776282d089dd84f81d47104f660 2008.1/x86_64/tomcat5-server-lib-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n 83d4bb973b7fec461e812d74541a5949 2008.1/x86_64/tomcat5-servlet-2.4-api-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbdd58e1c9e1e8f0089af055abbd85e0 2008.1/x86_64/tomcat5-servlet-2.4-api-javadoc-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm\n cbee0f1f720269f77a66e30709ecd7ae 2008.1/x86_64/tomcat5-webapps-5.5.25-1.2.1.1mdv2008.1.x86_64.rpm \n 2621d41df35e895a1ed0ed471f93f211 2008.1/SRPMS/tomcat5-5.5.25-1.2.1.1mdv2008.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFIwYsKmqjQ0CJFipgRApJjAKCVZ1XtEGoADQcp8l/m1ECSRstnjACg4qE8\nj+sCdAEJN0CXvurmFcjUvNU=\n=+kFf\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nNucleus XML-RPC PHP Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA15895\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/15895/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nNucleus 3.x\nhttp://secunia.com/product/3699/\n\nDESCRIPTION:\nA vulnerability has been reported in Nucleus, which can be exploited\nby malicious people to compromise a vulnerable system. \nhttp://sourceforge.net/project/showfiles.php?group_id=66479\n\nOTHER REFERENCES:\nSA15852:\nhttp://secunia.com/advisories/15852/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. HP has updated the Apache Tomcat and Oracle database software to\naddress vulnerabilities affecting confidentiality, availability, and\nintegrity. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-2370"
},
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "125436"
}
],
"trust": 3.51
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32137",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2370"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-2370",
"trust": 3.6
},
{
"db": "BID",
"id": "30494",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "31381",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "31379",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1020623",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "33797",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31639",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "36249",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "37460",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31982",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32120",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "35393",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32266",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "32222",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "33999",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31865",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "57126",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "31891",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "34013",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-1535",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0503",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2823",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2780",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-3316",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-0320",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2009-2215",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2305",
"trust": 1.7
},
{
"db": "BID",
"id": "31681",
"trust": 1.7
},
{
"db": "SREASON",
"id": "4099",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "15895",
"trust": 0.9
},
{
"db": "SECUNIA",
"id": "15810",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15922",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15852",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15855",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15861",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15862",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15872",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15883",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "15884",
"trust": 0.8
},
{
"db": "BID",
"id": "14088",
"trust": 0.8
},
{
"db": "SECTRACK",
"id": "1014327",
"trust": 0.8
},
{
"db": "CERT/CC",
"id": "VU#442845",
"trust": 0.8
},
{
"db": "XF",
"id": "44156",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "32137",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-2370",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68743",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "74633",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82837",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "70055",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125556",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "75161",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69700",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38388",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125436",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"id": "VAR-200808-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.16519225
},
"last_update_date": "2024-11-29T22:25:20.272000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 5.5.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"title": "Fixed in Apache Tomcat 6.0.18",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"title": "Fixed in Apache Tomcat 4.1.SVN",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"title": "APPLE-SA-2008-10-09 Security Update 2008-007",
"trust": 0.8,
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/en-us/HT3216"
},
{
"title": "HT3216",
"trust": 0.8,
"url": "http://support.apple.com/ja-jp/HT3216"
},
{
"title": "tomcat5-5.5.23-0jpp.7.1.1AXS3",
"trust": 0.8,
"url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=156"
},
{
"title": "ASA-2008-401",
"trust": 0.8,
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"title": "HPSBUX02401 SSRT090005",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c01650939"
},
{
"title": "HPSBST02955 SSRT101157",
"trust": 0.8,
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415"
},
{
"title": "1381",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1381"
},
{
"title": "NV09-012",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv09-012.html"
},
{
"title": "RHSA-2008:0648",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0648.html"
},
{
"title": "RHSA-2008:0862",
"trust": 0.8,
"url": "https://rhn.redhat.com/errata/RHSA-2008-0862.html"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"title": "251986",
"trust": 0.8,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1"
},
{
"title": "VMSA-2009-0002",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"title": "VMSA-2009-0016",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"title": "interstage_as_200902",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_200902.html"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080877 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080864 - Security Advisory"
},
{
"title": "Red Hat: Important: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20080862 - Security Advisory"
},
{
"title": "Red Hat: Low: tomcat security update for Red Hat Network Satellite Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20081007 - Security Advisory"
},
{
"title": "VMware Security Advisories: VirtualCenter Update 4 and ESX patch update Tomcat to version 5.5.27",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=73a787a1c84c97013ffa2f87f6d2e4ba"
},
{
"title": "VMware Security Advisories: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=4675848a694e2124743f676a2c827ef7"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://www.securityfocus.com/bid/30494"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1020623"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31379"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/31381"
},
{
"trust": 2.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0002.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/31681"
},
{
"trust": 2.3,
"url": "http://www.vmware.com/security/advisories/vmsa-2009-0016.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-4.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-5.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 2.0,
"url": "http://support.avaya.com/elmodocs2/security/asa-2008-401.htm"
},
{
"trust": 2.0,
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31639"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0648.html"
},
{
"trust": 1.7,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2008:188"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00889.html"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00859.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31891"
},
{
"trust": 1.7,
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-september/msg00712.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31865"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0862.html"
},
{
"trust": 1.7,
"url": "http://www.redhat.com/support/errata/rhsa-2008-0864.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/oct/msg00001.html"
},
{
"trust": 1.7,
"url": "http://support.apple.com/kb/ht3216"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32222"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4099"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31982"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33797"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32120"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32266"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/33999"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/34013"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/35393"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/36249"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/37460"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"trust": 1.7,
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/57126"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5876"
},
{
"trust": 1.7,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a10577"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.6,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2370"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15895/"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/15852/"
},
{
"trust": 0.8,
"url": "http://www.hardened-php.net/advisory-022005.php"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15861/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15862/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15884/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15883/"
},
{
"trust": 0.8,
"url": "http://news.postnuke.com/modules.php?op=modload\u0026name=news\u0026file=article\u0026sid=2699"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15855/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15810/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15872/"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/15922/"
},
{
"trust": 0.8,
"url": "http://securitytracker.com/alerts/2005/jun/1014327.html"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00088-07022005"
},
{
"trust": 0.8,
"url": "http://www.gulftech.org/?node=research\u0026article_id=00087-07012005"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/14088"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2008/2305"
},
{
"trust": 0.8,
"url": "http://xforce.iss.net/xforce/xfdb/44156"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2370"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2370"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1947"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1232"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1232"
},
{
"trust": 0.4,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1947"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5342"
},
{
"trust": 0.3,
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000068.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.redhat.com/docs/en-us/jboss_enterprise_application_platform/4.2.0.cp04/html-single/readme/index.html"
},
{
"trust": 0.3,
"url": "https://sourceforge.net/project/shownotes.php?release_id=626903\u0026group_id=144774"
},
{
"trust": 0.3,
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-251986-1"
},
{
"trust": 0.3,
"url": "http://download.novell.com/download?buildid=n5vszfht1vs"
},
{
"trust": 0.3,
"url": "/archive/1/495022"
},
{
"trust": 0.3,
"url": "/archive/1/507985"
},
{
"trust": 0.3,
"url": "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3e"
},
{
"trust": 0.3,
"url": "http://rhn.redhat.com/errata/rhsa-2008-0648.html"
},
{
"trust": 0.3,
"url": "http://www.novell.com/support/viewcontent.do?externalid=7006398"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2938"
},
{
"trust": 0.3,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5342"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5333"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-5461"
},
{
"trust": 0.2,
"url": "http://enigmail.mozdev.org"
},
{
"trust": 0.2,
"url": "http://kb.vmware.com/kb/1055"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/security"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/support/policies/eos.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5461"
},
{
"trust": 0.2,
"url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/resources/techresources/726"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6286"
},
{
"trust": 0.2,
"url": "http://www.vmware.com/support/policies/security_response.html"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5333"
},
{
"trust": 0.2,
"url": "http://secunia.com/"
},
{
"trust": 0.2,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2938"
},
{
"trust": 0.2,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-0002"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.2,
"url": "http://www.hp.com"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.2,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.2,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2008:0877"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/32137/"
},
{
"trust": 0.1,
"url": "http://tomcat.apache.org/security.html"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/viewvc?rev=680949\u0026view=rev"
},
{
"trust": 0.1,
"url": "http://host/page.jsp?blah=/../web-inf/web.xml"
},
{
"trust": 0.1,
"url": "http://svn.apache.org/viewvc?rev=680950\u0026view=rev"
},
{
"trust": 0.1,
"url": "http://software.hp.com"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2364"
},
{
"trust": 0.1,
"url": "http://www.itrc.hp.com/service/cki/secbullarchive.do"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-6420"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc"
},
{
"trust": 0.1,
"url": "https://www.hp.com/go/swa"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2939"
},
{
"trust": 0.1,
"url": "http://h30046.www3.hp.com/subsignin.php"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3658"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1630"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1102"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0745"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0675"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2671"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-2052"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2315"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2416"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1101"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2724"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5031"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0159"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3143"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1439"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2716"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4864"
},
{
"trust": 0.1,
"url": "http://downloads.vmware.com/download/download.do?downloadgroup=vc40u1"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1895"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3142"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3144"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1093"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2407"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2692"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2673"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1887"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2723"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0778"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2676"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1096"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2675"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0746"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1103"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1385"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2670"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1633"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0747"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1102"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2414"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4965"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0748"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0834"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014842"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2847"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-4307"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1097"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3528"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2406"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2417"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/lifecycle/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2670"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1106"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1337"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2722"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1094"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2698"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0783"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1107"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-155-20091116-013169/esxi-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "https://hostupdate.vmware.com/software/vum/offline/release-158-20091118-187517/esx-4.0.0-update01.zip"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1101"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://enigmail.mozdev.org/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0676"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0028"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0696"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1072"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1336"
},
{
"trust": 0.1,
"url": "http://kb.vmware.com/kb/1014886"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1104"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2721"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0269"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1098"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1388"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1107"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1192"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1100"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0002"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5700"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1389"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5966"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2672"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1095"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2719"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2625"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1105"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2848"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com"
},
{
"trust": 0.1,
"url": "https://sourceforge.net/project/showfiles.php?group_id=144774"
},
{
"trust": 0.1,
"url": "http://www.wikidsystems.com/downloads/"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/download/download.do?downloadgroup=vc250u4"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/policies/eos_vi.html"
},
{
"trust": 0.1,
"url": "http://www.vmware.com/support/vi3/doc/vi3_vc25u4_rel_notes.html"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/security/advisories"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3699/"
},
{
"trust": 0.1,
"url": "http://sourceforge.net/project/showfiles.php?group_id=66479"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#442845"
},
{
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"db": "BID",
"id": "30494"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"db": "PACKETSTORM",
"id": "68743"
},
{
"db": "PACKETSTORM",
"id": "74633"
},
{
"db": "PACKETSTORM",
"id": "82837"
},
{
"db": "PACKETSTORM",
"id": "70055"
},
{
"db": "PACKETSTORM",
"id": "125556"
},
{
"db": "PACKETSTORM",
"id": "75161"
},
{
"db": "PACKETSTORM",
"id": "69700"
},
{
"db": "PACKETSTORM",
"id": "38388"
},
{
"db": "PACKETSTORM",
"id": "125436"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2008-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"date": "2008-08-01T00:00:00",
"db": "BID",
"id": "30494"
},
{
"date": "2008-09-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"date": "2008-08-01T20:26:42",
"db": "PACKETSTORM",
"id": "68743"
},
{
"date": "2009-02-04T18:45:10",
"db": "PACKETSTORM",
"id": "74633"
},
{
"date": "2009-11-20T22:21:26",
"db": "PACKETSTORM",
"id": "82837"
},
{
"date": "2008-09-17T15:13:40",
"db": "PACKETSTORM",
"id": "70055"
},
{
"date": "2014-03-06T02:39:08",
"db": "PACKETSTORM",
"id": "125556"
},
{
"date": "2009-02-25T00:58:34",
"db": "PACKETSTORM",
"id": "75161"
},
{
"date": "2008-09-06T00:23:13",
"db": "PACKETSTORM",
"id": "69700"
},
{
"date": "2005-07-01T23:31:00",
"db": "PACKETSTORM",
"id": "38388"
},
{
"date": "2014-02-26T22:39:24",
"db": "PACKETSTORM",
"id": "125436"
},
{
"date": "2007-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"date": "2008-08-04T01:41:00",
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-03-09T00:00:00",
"db": "CERT/CC",
"id": "VU#442845"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULMON",
"id": "CVE-2008-2370"
},
{
"date": "2015-05-07T17:17:00",
"db": "BID",
"id": "30494"
},
{
"date": "2015-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001606"
},
{
"date": "2023-02-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-030"
},
{
"date": "2024-11-21T00:46:43.897000",
"db": "NVD",
"id": "CVE-2008-2370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP XML-RPC implementations vulnerable to code injection",
"sources": [
{
"db": "CERT/CC",
"id": "VU#442845"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-030"
}
],
"trust": 0.6
}
}
gsd-2008-2370
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2008-2370",
"description": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"id": "GSD-2008-2370",
"references": [
"https://www.suse.com/security/cve/CVE-2008-2370.html",
"https://access.redhat.com/errata/RHSA-2010:0602",
"https://access.redhat.com/errata/RHSA-2008:1007",
"https://access.redhat.com/errata/RHSA-2008:0877",
"https://access.redhat.com/errata/RHSA-2008:0864",
"https://access.redhat.com/errata/RHSA-2008:0862",
"https://access.redhat.com/errata/RHSA-2008:0648",
"https://linux.oracle.com/cve/CVE-2008-2370.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2008-2370"
],
"details": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.",
"id": "GSD-2008-2370",
"modified": "2023-12-13T01:23:00.878114Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/advisories/37460",
"refsource": "MISC",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "MISC",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "MISC",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "MISC",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://www.securityfocus.com/archive/1/507985/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "http://www.vupen.com/english/advisories/2009/3316",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html",
"refsource": "MISC",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "http://secunia.com/advisories/32120",
"refsource": "MISC",
"url": "http://secunia.com/advisories/32120"
},
{
"name": "http://secunia.com/advisories/32222",
"refsource": "MISC",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://secunia.com/advisories/32266",
"refsource": "MISC",
"url": "http://secunia.com/advisories/32266"
},
{
"name": "http://secunia.com/advisories/57126",
"refsource": "MISC",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "MISC",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
"refsource": "MISC",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2008-0862.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"name": "http://www.securityfocus.com/bid/31681",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://www.vupen.com/english/advisories/2008/2780",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "http://www.vupen.com/english/advisories/2008/2823",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "http://secunia.com/advisories/31982",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "http://secunia.com/advisories/31379",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31379"
},
{
"name": "http://secunia.com/advisories/31381",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31381"
},
{
"name": "http://secunia.com/advisories/31639",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31639"
},
{
"name": "http://secunia.com/advisories/31865",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31865"
},
{
"name": "http://secunia.com/advisories/31891",
"refsource": "MISC",
"url": "http://secunia.com/advisories/31891"
},
{
"name": "http://secunia.com/advisories/33797",
"refsource": "MISC",
"url": "http://secunia.com/advisories/33797"
},
{
"name": "http://secunia.com/advisories/33999",
"refsource": "MISC",
"url": "http://secunia.com/advisories/33999"
},
{
"name": "http://secunia.com/advisories/34013",
"refsource": "MISC",
"url": "http://secunia.com/advisories/34013"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2008-0648.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"name": "http://www.redhat.com/support/errata/RHSA-2008-0864.html",
"refsource": "MISC",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"name": "http://www.vupen.com/english/advisories/2008/2305",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"name": "http://www.vupen.com/english/advisories/2009/0320",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"name": "http://www.vupen.com/english/advisories/2009/0503",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html",
"refsource": "MISC",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html",
"refsource": "MISC",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"name": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html",
"refsource": "MISC",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"name": "http://secunia.com/advisories/35393",
"refsource": "MISC",
"url": "http://secunia.com/advisories/35393"
},
{
"name": "http://secunia.com/advisories/36249",
"refsource": "MISC",
"url": "http://secunia.com/advisories/36249"
},
{
"name": "http://securityreason.com/securityalert/4099",
"refsource": "MISC",
"url": "http://securityreason.com/securityalert/4099"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html",
"refsource": "MISC",
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"name": "http://www.securityfocus.com/archive/1/495022/100/0/threaded",
"refsource": "MISC",
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"name": "http://www.securityfocus.com/bid/30494",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30494"
},
{
"name": "http://www.securitytracker.com/id?1020623",
"refsource": "MISC",
"url": "http://www.securitytracker.com/id?1020623"
},
{
"name": "http://www.vupen.com/english/advisories/2009/1535",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"name": "http://www.vupen.com/english/advisories/2009/2215",
"refsource": "MISC",
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"name": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876",
"refsource": "MISC",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-2370"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "30494",
"refsource": "BID",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/30494"
},
{
"name": "1020623",
"refsource": "SECTRACK",
"tags": [],
"url": "http://www.securitytracker.com/id?1020623"
},
{
"name": "31639",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31639"
},
{
"name": "31379",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31379"
},
{
"name": "31381",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31381"
},
{
"name": "RHSA-2008:0648",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
},
{
"name": "MDVSA-2008:188",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
},
{
"name": "FEDORA-2008-8130",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "FEDORA-2008-8113",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
},
{
"name": "31891",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31891"
},
{
"name": "FEDORA-2008-7977",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
},
{
"name": "31865",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31865"
},
{
"name": "RHSA-2008:0862",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
},
{
"name": "RHSA-2008:0864",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "31681",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "32222",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
},
{
"name": "4099",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/4099"
},
{
"name": "31982",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "HPSBUX02401",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=123376588623823\u0026w=2"
},
{
"name": "33797",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/33797"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "32120",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32120"
},
{
"name": "32266",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/32266"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
},
{
"name": "ADV-2009-0503",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/0503"
},
{
"name": "33999",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/33999"
},
{
"name": "34013",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/34013"
},
{
"name": "35393",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/35393"
},
{
"name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200902e.html"
},
{
"name": "ADV-2009-1535",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/1535"
},
{
"name": "ADV-2009-2215",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/2215"
},
{
"name": "36249",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/36249"
},
{
"name": "37460",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/37460"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2009-0320",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2009/0320"
},
{
"name": "ADV-2008-2823",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/2823"
},
{
"name": "ADV-2008-2305",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2008/2305"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2"
},
{
"name": "57126",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57126"
},
{
"name": "tomcat-requestdispatcher-info-disclosure(44156)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44156"
},
{
"name": "oval:org.mitre.oval:def:5876",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5876"
},
{
"name": "oval:org.mitre.oval:def:10577",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10577"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "20080801 [CVE-2008-2370] Apache Tomcat information disclosure vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/495022/100/0/threaded"
},
{
"name": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E",
"refsource": "MISC",
"tags": [],
"url": "https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T02:19Z",
"publishedDate": "2008-08-04T01:41Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…