Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1304
Vulnerability from cvelistv5
Published
2018-02-28 20:00
Modified
2024-09-17 01:35
Severity ?
EPSS score ?
Summary
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Tomcat |
Version: Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:59:37.867Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:1448", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180706-0001/" }, { "name": "103170", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103170" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name": "RHSA-2018:1449", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "name": "RHSA-2018:1450", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E" }, { "name": "DSA-4281", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4281" }, { "name": "RHSA-2018:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "name": "RHSA-2018:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "name": "USN-3665-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3665-1/" }, { "name": "1040427", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040427" }, { "name": "RHSA-2018:1320", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1320" }, { "name": "RHSA-2018:1451", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html" }, { "name": "RHSA-2018:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "RHSA-2018:1447", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2205", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2205" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [ { "status": "affected", "version": "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84" } ] } ], "datePublic": "2018-02-23T00:00:00", "descriptions": [ { "lang": "en", "value": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-04-15T21:06:45", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "name": "RHSA-2018:1448", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180706-0001/" }, { "name": "103170", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103170" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name": "RHSA-2018:1449", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "name": "RHSA-2018:1450", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "tags": [ "x_refsource_MISC" ], "url": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E" }, { "name": "DSA-4281", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4281" }, { "name": "RHSA-2018:2939", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "name": "RHSA-2018:0465", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "name": "USN-3665-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3665-1/" }, { "name": "1040427", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040427" }, { "name": "RHSA-2018:1320", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1320" }, { "name": "RHSA-2018:1451", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html" }, { "name": "RHSA-2018:0466", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "RHSA-2018:1447", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2205", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2205" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-02-23T00:00:00", "ID": "CVE-2018-1304", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Tomcat", "version": { "version_data": [ { "version_value": "Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49, 7.0.0 to 7.0.84" } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Information Disclosure" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:1448", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "name": "https://security.netapp.com/advisory/ntap-20180706-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180706-0001/" }, { "name": "103170", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103170" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "name": "RHSA-2018:1449", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "name": "RHSA-2018:1450", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1450" }, { "name": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb@%3Cannounce.tomcat.apache.org%3E" }, { "name": "DSA-4281", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4281" }, { "name": "RHSA-2018:2939", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2939" }, { "name": "RHSA-2018:0465", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "name": "USN-3665-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3665-1/" }, { "name": "1040427", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040427" }, { "name": "RHSA-2018:1320", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1320" }, { "name": "RHSA-2018:1451", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1451" }, { "name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1301-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1450-1] tomcat8 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html" }, { "name": "RHSA-2018:0466", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "name": "RHSA-2018:1447", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1447" }, { "name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1400-1] tomcat7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [24/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [23/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857496 [3/4] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [18/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "RHSA-2019:2205", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2205" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [24/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200203 svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [28/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E" }, { "name": "[tomcat-dev] 20200213 svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-1304", "datePublished": "2018-02-28T20:00:00Z", "dateReserved": "2017-12-07T00:00:00", "dateUpdated": "2024-09-17T01:35:47.135Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-1304\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2018-02-28T20:29:00.227\",\"lastModified\":\"2024-11-21T03:59:35.043\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The URL pattern of \\\"\\\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.\"},{\"lang\":\"es\",\"value\":\"El patr\u00f3n de URL \\\"\\\" (la cadena vac\u00eda) que mapea exactamente al root de contexto no se gestion\u00f3 correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definici\u00f3n de limitaci\u00f3n de seguridad. Esto provoc\u00f3 que el l\u00edmite se ignorase. Por lo tanto, era posible que usuarios no autorizados obtuviesen acceso a recursos de la aplicaci\u00f3n web que tendr\u00edan que haber estado protegidos. Solo se han visto afectadas las limitaciones de seguridad con un patr\u00f3n URL de cadena vac\u00eda.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0.0\",\"versionEndIncluding\":\"7.0.84\",\"matchCriteriaId\":\"0204E778-1E01-4781-8B75-B9246B2AFCCF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.49\",\"matchCriteriaId\":\"FF49B49E-FE51-4731-81F4-75489CEB5270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.5.0\",\"versionEndIncluding\":\"8.5.27\",\"matchCriteriaId\":\"760F85D9-4F6A-479B-987A-A096F0EF888A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndIncluding\":\"9.0.4\",\"matchCriteriaId\":\"F81CB598-6F12-4934-ACCF-4498CF07C898\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4752862B-7D26-4285-B8A0-CF082C758353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D0689FE-4BC0-4F53-8C79-34B21F9B86C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*\",\"matchCriteriaId\":\"89B129B2-FB6F-4EF9-BF12-E589A87996CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B6787B6-54A8-475E-BA1C-AB99334B2535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*\",\"matchCriteriaId\":\"EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*\",\"matchCriteriaId\":\"E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A6DA0BE-908C-4DA8-A191-A0113235E99A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*\",\"matchCriteriaId\":\"39029C72-28B4-46A4-BFF5-EC822CFB2A4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2E05A3-014F-4C4D-81E5-88E725FBD6AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*\",\"matchCriteriaId\":\"166C533C-0833-41D5-99B6-17A4FAB3CAF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*\",\"matchCriteriaId\":\"D3768C60-21FA-4B92-B98C-C3A2602D1BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F542E12-6BA8-4504-A494-DA83E7E19BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2409CC7-6A85-4A66-A457-0D62B9895DC1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*\",\"matchCriteriaId\":\"B392A7E5-4455-4B1C-8FAC-AE6DDC70689E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF411DDA-2601-449A-9046-D250419A0E1A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B4FBF97-DE16-4E5E-BE19-471E01818D40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B266B1E-24B5-47EE-A421-E0E3CC0C7471\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*\",\"matchCriteriaId\":\"29614C3A-6FB3-41C7-B56E-9CC3F45B04F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AB156C-8FF6-4727-AF75-590D0DCB3F9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0C5F004-F7D8-45DB-B173-351C50B0EC16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1902D2E-1896-4D3D-9E1C-3A675255072C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*\",\"matchCriteriaId\":\"49AAF4DF-F61D-47A8-8788-A21E317A145D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*\",\"matchCriteriaId\":\"454211D0-60A2-4661-AECA-4C0121413FEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*\",\"matchCriteriaId\":\"0686F977-889F-4960-8E0B-7784B73A7F2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*\",\"matchCriteriaId\":\"558703AE-DB5E-4DFF-B497-C36694DD7B24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED6273F2-1165-47A4-8DD7-9E9B2472941B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68E89E9D-88CA-4BCC-8871-EF4AF913D871\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2E0AFF9-F664-4D46-AEF4-07C725CC5448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E2F2F98-DB90-43F6-8F28-3656207B6188\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2177A5E9-B260-499E-8D60-920679518425\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:micros_relate_crm_software:11.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE3A1A04-5AAE-40D9-842A-8B46211C5D95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B4B4E96-1F12-4719-BDB7-4ED5D3DCF9ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:jboss_middleware:1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F4A0F87-524E-4935-9B07-93793D8143FD\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103170\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040427\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0465\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0466\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1320\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1447\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1448\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1451\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2939\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2205\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"security@apache.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180706-0001/\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3665-1/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4281\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"security@apache.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@apache.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security@apache.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/103170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1040427\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0465\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0466\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1449\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:2205\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b1d7e2425d6fd2cebed40d318f9365b44546077e10949b01b1f8a0fb%40%3Cannounce.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a%40%3Cdev.tomcat.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/06/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/07/msg00044.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180706-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3665-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
RHSA-2018:0466
Vulnerability from csaf_redhat
Published
2018-03-07 15:21
Modified
2025-01-19 19:40
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
Notes
Topic
An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613)
* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)
* tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616)
* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)
* tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and Red Hat JBoss Web Server 3.1 for RHEL 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613)\n\n* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)\n\n* tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\n* tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0466", "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/" }, { "category": "external", "summary": "1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "1493222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222" }, { "category": "external", "summary": "1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "1506523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "category": "external", "summary": "1540824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540824" }, { "category": "external", "summary": "1548282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548282" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0466.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update", "tracking": { "current_release_date": "2025-01-19T19:40:32+00:00", "generator": { "date": "2025-01-19T19:40:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2018:0466", "initial_release_date": "2018-03-07T15:21:52+00:00", "revision_history": [ { "date": "2018-03-07T15:21:52+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-03-07T15:21:52+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-19T19:40:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 3.1 for RHEL 6", "product": { "name": "Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el6" } } }, { "category": "product_name", "name": "Red Hat JBoss Web Server 3.1 for RHEL 7", "product": { "name": "Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" }, { "branches": [ { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product_id": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-11.redhat_11.ep7.el6?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product_id": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7.el6?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product_id": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-11.redhat_11.ep7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product_id": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "product": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "product_id": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native-debuginfo@1.2.8-11.redhat_11.ep7.el6?arch=i686" } } }, { "category": "product_version", "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "product": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "product_id": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7.el6?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "product": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "product_id": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "product": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "product_id": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "product": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "product_id": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.70-25.ep7.el6.src", "product": { "name": "tomcat7-0:7.0.70-25.ep7.el6.src", "product_id": "tomcat7-0:7.0.70-25.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "tomcat8-0:8.0.36-29.ep7.el6.src", "product": { "name": "tomcat8-0:8.0.36-29.ep7.el6.src", "product_id": "tomcat8-0:8.0.36-29.ep7.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7.el6?arch=src" } } }, { "category": "product_version", "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "product": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "product_id": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-native@1.2.8-11.redhat_11.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "product": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "product_id": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "product": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "product_id": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "tomcat8-0:8.0.36-29.ep7.el7.src", "product": { "name": "tomcat8-0:8.0.36-29.ep7.el7.src", "product_id": "tomcat8-0:8.0.36-29.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7.el7?arch=src" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.70-25.ep7.el7.src", "product": { "name": "tomcat7-0:7.0.70-25.ep7.el7.src", "product_id": "tomcat7-0:7.0.70-25.ep7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product": { "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_id": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.8-2.Final_redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_id": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product": { "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_id": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.8-2.Final_redhat_2.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault-tomcat7@1.1.6-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product": { "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_id": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault-tomcat8@1.1.6-1.Final_redhat_1.1.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "product": { "name": "tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "product_id": "tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-25.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "product": { "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "product_id": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-29.ep7.el6?arch=noarch" } } }, { "category": "product_version", "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_id": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster@1.3.8-2.Final_redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product": { "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_id": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-tomcat7@1.3.8-2.Final_redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product": { "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_id": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/mod_cluster-tomcat8@1.3.8-2.Final_redhat_2.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault-tomcat7@1.1.6-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault-tomcat8@1.1.6-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_id": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat-vault@1.1.6-1.Final_redhat_1.1.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-webapps@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-log4j@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-docs-webapp@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-jsp-2.3-api@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-javadoc@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-selinux@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-jsvc@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-lib@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-el-2.2-api@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-admin-webapps@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "product": { "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "product_id": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat8-servlet-3.1-api@8.0.36-29.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-docs-webapp@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-log4j@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-el-2.2-api@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-lib@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsp-2.2-api@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-servlet-3.0-api@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-jsvc@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-webapps@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-admin-webapps@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-javadoc@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7-selinux@7.0.70-25.ep7.el7?arch=noarch" } } }, { "category": "product_version", "name": "tomcat7-0:7.0.70-25.ep7.el7.noarch", "product": { "name": "tomcat7-0:7.0.70-25.ep7.el7.noarch", "product_id": "tomcat7-0:7.0.70-25.ep7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/tomcat7@7.0.70-25.ep7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch" }, "product_reference": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src" }, "product_reference": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch" }, "product_reference": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch" }, "product_reference": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686" }, "product_reference": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src" }, "product_reference": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64" }, "product_reference": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686" }, "product_reference": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64" }, "product_reference": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src" }, "product_reference": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch" }, "product_reference": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.70-25.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src" }, "product_reference": "tomcat7-0:7.0.70-25.ep7.el6.src", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-lib-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch" }, "product_reference": "tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-0:8.0.36-29.ep7.el6.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src" }, "product_reference": "tomcat8-0:8.0.36-29.ep7.el6.src", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-lib-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 6", "product_id": "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch" }, "product_reference": "tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "relates_to_product_reference": "6Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch" }, "product_reference": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src" }, "product_reference": "mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch" }, "product_reference": "mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch" }, "product_reference": "mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src" }, "product_reference": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64" }, "product_reference": "tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64 as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64" }, "product_reference": "tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src" }, "product_reference": "tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch" }, "product_reference": "tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-0:7.0.70-25.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src" }, "product_reference": "tomcat7-0:7.0.70-25.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-lib-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch" }, "product_reference": "tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-0:8.0.36-29.ep7.el7.src as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src" }, "product_reference": "tomcat8-0:8.0.36-29.ep7.el7.src", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-lib-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch as a component of Red Hat JBoss Web Server 3.1 for RHEL 7", "product_id": "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" }, "product_reference": "tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch", "relates_to_product_reference": "7Server-JWS-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12613", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-10-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506523" } ], "notes": [ { "category": "description", "text": "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: Out-of-bounds array deref in apr_time_exp*() functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12613" }, { "category": "external", "summary": "RHBZ#1506523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12613", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613" }, { "category": "external", "summary": "http://www.apache.org/dist/apr/Announcement1.x.html", "url": "http://www.apache.org/dist/apr/Announcement1.x.html" } ], "release_date": "2017-10-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apr: Out-of-bounds array deref in apr_time_exp*() functions" }, { "cve": "CVE-2017-12615", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493220" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution via JSP Upload", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12615" }, { "category": "external", "summary": "RHBZ#1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution via JSP Upload" }, { "cve": "CVE-2017-12616", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493222" } ], "notes": [ { "category": "description", "text": "When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Information Disclosure when using VirtualDirContext", "title": "Vulnerability summary" }, { "category": "other", "text": "VirtualDirContext is not designed to be used in production, but only to ease development with IDEs without needing to fully republish jars in WEB-INF/lib.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12616" }, { "category": "external", "summary": "RHBZ#1493222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12616", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12616" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Information Disclosure when using VirtualDirContext" }, { "cve": "CVE-2017-12617", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494283" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution bypass for CVE-2017-12615", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12617" }, { "category": "external", "summary": "RHBZ#1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12617" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html", "url": "https://tomcat.apache.org/security-7.html" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html", "url": "https://tomcat.apache.org/security-8.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution bypass for CVE-2017-12615" }, { "cve": "CVE-2017-15698", "cwe": { "id": "CWE-299", "name": "Improper Check for Certificate Revocation" }, "discovery_date": "2018-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1540824" } ], "notes": [ { "category": "description", "text": "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat-native: Mishandling of client certificates can allow for OCSP check bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15698" }, { "category": "external", "summary": "RHBZ#1540824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15698", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat-native: Mishandling of client certificates can allow for OCSP check bypass" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-1305", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548282" } ], "notes": [ { "category": "description", "text": "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1305" }, { "category": "external", "summary": "RHBZ#1548282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548282" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1305", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1305" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:21:52+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nFor details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0466" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el6.src", "6Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.src", "6Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.i686", "6Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el6.x86_64", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el6.src", "6Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el6.src", "6Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el6.src", "6Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el6.noarch", "6Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el6.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-0:1.3.8-2.Final_redhat_2.1.ep7.el7.src", "7Server-JWS-3.1:mod_cluster-tomcat7-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:mod_cluster-tomcat8-0:1.3.8-2.Final_redhat_2.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.src", "7Server-JWS-3.1:tomcat-native-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-native-debuginfo-0:1.2.8-11.redhat_11.ep7.el7.x86_64", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-0:1.1.6-1.Final_redhat_1.1.ep7.el7.src", "7Server-JWS-3.1:tomcat-vault-tomcat7-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat-vault-tomcat8-0:1.1.6-1.Final_redhat_1.1.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-0:7.0.70-25.ep7.el7.src", "7Server-JWS-3.1:tomcat7-admin-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-docs-webapp-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-el-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-javadoc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsp-2.2-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-jsvc-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-lib-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-log4j-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-selinux-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-servlet-3.0-api-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat7-webapps-0:7.0.70-25.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-0:8.0.36-29.ep7.el7.src", "7Server-JWS-3.1:tomcat8-admin-webapps-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-docs-webapp-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-el-2.2-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-javadoc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsp-2.3-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-jsvc-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-lib-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-log4j-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-selinux-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-servlet-3.1-api-0:8.0.36-29.ep7.el7.noarch", "7Server-JWS-3.1:tomcat8-webapps-0:8.0.36-29.ep7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users" } ] }
RHSA-2018:1449
Vulnerability from csaf_redhat
Published
2018-05-14 20:36
Modified
2025-01-05 18:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1449", "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1559008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559008" }, { "category": "external", "summary": "1559011", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559011" }, { "category": "external", "summary": "1559016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559016" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1449.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2025-01-05T18:56:31+00:00", "generator": { "date": "2025-01-05T18:56:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2018:1449", "initial_release_date": "2018-05-14T20:36:31+00:00", "revision_history": [ { "date": "2018-05-14T20:36:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:36:31+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-05T18:56:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el6?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el6?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el6?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-core-asl@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-mapper-asl@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-jaxrs@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_id": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-xc@1.9.9-12.redhat_6.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el6?arch=noarch" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src" }, "product_reference": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch" }, "product_reference": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src" }, "product_reference": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src" }, "product_reference": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "relates_to_product_reference": "6Server-JBEAP-6.4" }, { "category": "default_component_of", "full_product_name": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6 Server", "product_id": "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" }, "product_reference": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src", "relates_to_product_reference": "6Server-JBEAP-6.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2016-4978", "discovery_date": "2016-09-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1379207" } ], "notes": [ { "category": "description", "text": "It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.", "title": "Vulnerability description" }, { "category": "summary", "text": "Artemis: Deserialization of untrusted input vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2016-4978" }, { "category": "external", "summary": "RHBZ#1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2016-4978", "url": "https://www.cve.org/CVERecord?id=CVE-2016-4978" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978", "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4978" } ], "release_date": "2016-09-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Artemis: Deserialization of untrusted input vulnerability" }, { "cve": "CVE-2017-3163", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2017-05-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1454783" } ], "notes": [ { "category": "description", "text": "When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.", "title": "Vulnerability description" }, { "category": "summary", "text": "solr: Directory traversal via Index Replication HTTP API", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-3163" }, { "category": "external", "summary": "RHBZ#1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-3163", "url": "https://www.cve.org/CVERecord?id=CVE-2017-3163" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3163" } ], "release_date": "2017-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "solr: Directory traversal via Index Replication HTTP API" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-7525", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-06-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1462702" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7525" }, { "category": "external", "summary": "RHBZ#1462702", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525" } ], "release_date": "2017-07-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper" }, { "acknowledgments": [ { "names": [ "Liao Xinxi" ], "organization": "NSFOCUS" } ], "cve": "CVE-2017-15095", "cwe": { "id": "CWE-184", "name": "Incomplete List of Disallowed Inputs" }, "discovery_date": "2017-10-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506612" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15095" }, { "category": "external", "summary": "RHBZ#1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15095", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15095" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-11-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525)" }, { "acknowledgments": [ { "names": [ "0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4" ] } ], "cve": "CVE-2017-17485", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2017-12-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1528565" } ], "notes": [ { "category": "description", "text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. This issue extends upon the previous flaws CVE-2017-7525 and CVE-2017-15095 by blacklisting more classes that could be used maliciously.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-17485" }, { "category": "external", "summary": "RHBZ#1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-17485", "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17485" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2017-12-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-7489", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1549276" } ], "notes": [ { "category": "description", "text": "FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates.\n\nSatellite 6.2 does not support c3p0 classes. Since the latter are required for this flaw, therefore Satellite 6.2 is not affected. Satellite 6.3 and 6.4 are not affected because Candlepin does not use polymorphic deserialization.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7489" }, { "category": "external", "summary": "RHBZ#1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7489", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7489" }, { "category": "external", "summary": "https://access.redhat.com/solutions/3442891", "url": "https://access.redhat.com/solutions/3442891" } ], "release_date": "2018-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" }, { "category": "workaround", "details": "Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here:\n\nhttps://access.redhat.com/solutions/3279231\nhttps://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserialization\n\nGeneral Mitigation: \nTry to avoid \n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries" }, { "acknowledgments": [ { "names": [ "Chris McCown" ] } ], "cve": "CVE-2018-8088", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2018-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548909" } ], "notes": [ { "category": "description", "text": "An XML deserialization vulnerability was discovered in slf4j\u0027s EventData, which accepts an XML serialized string and can lead to arbitrary code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact of Important, and is not currently planned to be addressed in future updates.\n\nThis issue did not affect the versions of Candlepin as shipped with Red Hat Satellite 6 as Candlepin uses slf4j-api and not the affected slf4j-ext (which is not on the Candlepin classpath).\n\nRed Hat Enterprise Virtualization Manager 4.1 is affected by this issue. Updated packages that address this issue are available through the Red Hat Enterprise Linux Server channels. Virtualization Manager hosts should be subscribed to these channels and obtain the updates via `yum update`.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-8088" }, { "category": "external", "summary": "RHBZ#1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-8088", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8088" } ], "release_date": "2018-02-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-05-14T20:36:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:1449" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el6.src", "6Server-JBEAP-6.4:codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el6.src", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.noarch", "6Server-JBEAP-6.4:lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el6.src", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.noarch", "6Server-JBEAP-6.4:picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el6.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution" } ] }
RHSA-2018:0465
Vulnerability from csaf_redhat
Published
2018-03-07 15:09
Modified
2025-01-19 19:40
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update
Notes
Topic
An update is now available for Red Hat JBoss Web Server 3.1.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613)
* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)
* tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616)
* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)
* tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Web Server 3.1.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 3.1 Service Pack 2 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr: Out-of-bounds array deref in apr_time_exp*() functions (CVE-2017-12613)\n\n* tomcat: Remote Code Execution via JSP Upload (CVE-2017-12615)\n\n* tomcat: Information Disclosure when using VirtualDirContext (CVE-2017-12616)\n\n* tomcat: Remote Code Execution bypass for CVE-2017-12615 (CVE-2017-12617)\n\n* tomcat-native: Mishandling of client certificates can allow for OCSP check bypass (CVE-2017-15698)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* tomcat: Late application of security constraints can lead to resource exposure for unauthorised users (CVE-2018-1305)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:0465", "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=3.1", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=webserver\u0026downloadType=securityPatches\u0026version=3.1" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/httpoxy", "url": "https://access.redhat.com/security/vulnerabilities/httpoxy" }, { "category": "external", "summary": "https://access.redhat.com/solutions/2435491", "url": "https://access.redhat.com/solutions/2435491" }, { "category": "external", "summary": "1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "1493222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222" }, { "category": "external", "summary": "1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "1506523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "category": "external", "summary": "1540824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540824" }, { "category": "external", "summary": "1548282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548282" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0465.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Web Server 3.1.0 Service Pack 2 security update", "tracking": { "current_release_date": "2025-01-19T19:40:32+00:00", "generator": { "date": "2025-01-19T19:40:32+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.6" } }, "id": "RHSA-2018:0465", "initial_release_date": "2018-03-07T15:09:54+00:00", "revision_history": [ { "date": "2018-03-07T15:09:54+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-03-07T15:09:54+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-19T19:40:32+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Web Server 3.1", "product": { "name": "Red Hat JBoss Web Server 3.1", "product_id": "Red Hat JBoss Web Server 3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.1" } } } ], "category": "product_family", "name": "Red Hat JBoss Web Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-12613", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "discovery_date": "2017-10-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1506523" } ], "notes": [ { "category": "description", "text": "An out-of-bounds array dereference was found in apr_time_exp_get(). An attacker could abuse an unvalidated usage of this function to cause a denial of service or potentially lead to data leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr: Out-of-bounds array deref in apr_time_exp*() functions", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12613" }, { "category": "external", "summary": "RHBZ#1506523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12613", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12613" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613" }, { "category": "external", "summary": "http://www.apache.org/dist/apr/Announcement1.x.html", "url": "http://www.apache.org/dist/apr/Announcement1.x.html" } ], "release_date": "2017-10-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "apr: Out-of-bounds array deref in apr_time_exp*() functions" }, { "cve": "CVE-2017-12615", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493220" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution via JSP Upload", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12615" }, { "category": "external", "summary": "RHBZ#1493220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493220" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12615", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12615" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12615" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution via JSP Upload" }, { "cve": "CVE-2017-12616", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2017-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1493222" } ], "notes": [ { "category": "description", "text": "When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it was possible to bypass security constraints and/or view the source code of JSPs for resources served by the VirtualDirContext using a specially crafted request.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Information Disclosure when using VirtualDirContext", "title": "Vulnerability summary" }, { "category": "other", "text": "VirtualDirContext is not designed to be used in production, but only to ease development with IDEs without needing to fully republish jars in WEB-INF/lib.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12616" }, { "category": "external", "summary": "RHBZ#1493222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493222" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12616", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12616" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12616" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81" } ], "release_date": "2017-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Information Disclosure when using VirtualDirContext" }, { "cve": "CVE-2017-12617", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2017-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1494283" } ], "notes": [ { "category": "description", "text": "A vulnerability was discovered in Tomcat where if a servlet context was configured with readonly=false and HTTP PUT requests were allowed, an attacker could upload a JSP file to that context and achieve code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Remote Code Execution bypass for CVE-2017-12615", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw affects Tomcat on Red Hat Enterprise Linux only when a specific context is configured with readonly=false. The default configuration has a readonly context, so it is not affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-12617" }, { "category": "external", "summary": "RHBZ#1494283", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494283" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12617", "url": "https://www.cve.org/CVERecord?id=CVE-2017-12617" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12617" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html", "url": "https://tomcat.apache.org/security-7.html" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html", "url": "https://tomcat.apache.org/security-8.html" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2017-09-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "category": "workaround", "details": "Ensure that readonly is set to true (the default) for the DefaultServlet, WebDAV servlet or application context.\n\nBlock HTTP methods that permit resource modification for untrusted users.", "product_ids": [ "Red Hat JBoss Web Server 3.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "exploit_status", "date": "2022-03-25T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "tomcat: Remote Code Execution bypass for CVE-2017-12615" }, { "cve": "CVE-2017-15698", "cwe": { "id": "CWE-299", "name": "Improper Check for Certificate Revocation" }, "discovery_date": "2018-02-01T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1540824" } ], "notes": [ { "category": "description", "text": "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat-native: Mishandling of client certificates can allow for OCSP check bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-15698" }, { "category": "external", "summary": "RHBZ#1540824", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1540824" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15698", "url": "https://www.cve.org/CVERecord?id=CVE-2017-15698" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat-native: Mishandling of client certificates can allow for OCSP check bypass" }, { "cve": "CVE-2018-1304", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548289" } ], "notes": [ { "category": "description", "text": "The URL pattern of \"\" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1304" }, { "category": "external", "summary": "RHBZ#1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1304", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1304" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources" }, { "cve": "CVE-2018-1305", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2018-02-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1548282" } ], "notes": [ { "category": "description", "text": "Security constraints defined by annotations of Servlets in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 were only applied once a Servlet had been loaded. Because security constraints defined in this way apply to the URL pattern and any URLs below that point, it was possible - depending on the order Servlets were loaded - for some security constraints not to be applied. This could have exposed resources to users who were not authorised to access them.", "title": "Vulnerability description" }, { "category": "summary", "text": "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Web Server 3.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1305" }, { "category": "external", "summary": "RHBZ#1548282", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548282" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1305", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1305" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1305", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1305" }, { "category": "external", "summary": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85", "url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.85" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.50" }, { "category": "external", "summary": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28", "url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.28" } ], "release_date": "2018-02-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-03-07T15:09:54+00:00", "details": "Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Red Hat JBoss Web Server 3.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:0465" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "products": [ "Red Hat JBoss Web Server 3.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "tomcat: Late application of security constraints can lead to resource exposure for unauthorised users" } ] }
rhsa-2018_1448
Vulnerability from csaf_redhat
Published
2018-05-14 20:36
Modified
2025-01-05 18:56
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.
This release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)
* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)
* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)
* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)
* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)
* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)
* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360观星实验室 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server.\n\nThis release of Red Hat JBoss Enterprise Application Platform 6.4.20 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.19, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) (CVE-2017-15095)\n\n* jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) (CVE-2017-17485)\n\n* slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution (CVE-2018-8088)\n\n* Apache ActiveMQ Artemis: Deserialization of untrusted input vulnerability (CVE-2016-4978)\n\n* solr: Directory traversal via Index Replication HTTP API (CVE-2017-3163)\n\n* tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources (CVE-2018-1304)\n\n* jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries (CVE-2018-7489)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-15095; 0c0c0f from 360\u89c2\u661f\u5b9e\u9a8c\u5ba4 for reporting CVE-2017-17485; and Chris McCown for reporting CVE-2018-8088.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:1448", "url": "https://access.redhat.com/errata/RHSA-2018:1448" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=6.4" }, { "category": "external", "summary": "1379207", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1379207" }, { "category": "external", "summary": "1454783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454783" }, { "category": "external", "summary": "1506612", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506612" }, { "category": "external", "summary": "1528565", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528565" }, { "category": "external", "summary": "1548289", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548289" }, { "category": "external", "summary": "1548909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548909" }, { "category": "external", "summary": "1549276", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549276" }, { "category": "external", "summary": "1559010", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559010" }, { "category": "external", "summary": "1559013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559013" }, { "category": "external", "summary": "1559018", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559018" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_1448.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update", "tracking": { "current_release_date": "2025-01-05T18:56:38+00:00", "generator": { "date": "2025-01-05T18:56:38+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.5" } }, "id": "RHSA-2018:1448", "initial_release_date": "2018-05-14T20:36:07+00:00", "revision_history": [ { "date": "2018-05-14T20:36:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-05-14T20:36:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-01-05T18:56:38+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product": { "name": "Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7 Server", "product_id": "7Server-JBEAP-6.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el7" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-webservices@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-embedded-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-embedded@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-connector-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-connector@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-web-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-web@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-network-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-network@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-transactions-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-transactions@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-naming-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-naming@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-picketlink-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-picketlink@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-clustering-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-clustering@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-modcluster-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-modcluster@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-version-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-version@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-mail-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-mail@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-core-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-core-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-client-all-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-client-all@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-cli-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cli@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-threads-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-threads@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-xts-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-xts@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-protocol-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-protocol@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ee-deployment-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee-deployment@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-server-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-server@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jaxr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-jacorb-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jacorb@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-management-client-content-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-management-client-content@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-controller-client-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller-client@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-domain-management-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-management@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-cmp-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-cmp@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-remoting-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-remoting@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ejb3-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ejb3@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-logging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-logging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-configadmin-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-configadmin@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-domain-http-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-domain-http@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-ee-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-ee@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-messaging-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-messaging@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-pojo-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-pojo@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-sar-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-sar@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-deployment-repository-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-repository@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-osgi-service-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-osgi-service@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jboss-as-platform-mbean-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-platform-mbean@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-welcome-content-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-welcome-content-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-core-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-core@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-product-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-product-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-domain-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-domain@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-standalone-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-standalone@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-bundles-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-bundles@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } }, { "category": "product_version", "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product": { "name": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_id": "jbossas-modules-eap-0:7.5.20-1.Final_redhat_1.1.ep6.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-modules-eap@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jgroups-1:3.2.18-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jgroups@3.2.18-1.Final_redhat_1.1.ep6.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossts-1:4.17.43-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossts@4.17.43-1.Final_redhat_1.1.ep6.el7?arch=noarch\u0026epoch=1" } } }, { "category": "product_version", "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossweb-0:7.5.28-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossweb@7.5.28-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product": { "name": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product_id": "hornetq-0:2.3.25-26.SP24_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/hornetq@2.3.25-26.SP24_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product": { "name": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product_id": "lucene-solr-0:3.6.2-8.redhat_9.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/lucene-solr@3.6.2-8.redhat_9.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-core-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-core-asl@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-jaxrs-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-jaxrs@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-xc-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-xc@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product": { "name": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_id": "codehaus-jackson-mapper-asl-0:1.9.9-12.redhat_6.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/codehaus-jackson-mapper-asl@1.9.9-12.redhat_6.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "picketbox-0:4.1.7-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/picketbox@4.1.7-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jbossas-javadocs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jbossas-javadocs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jaxrs-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jaxrs@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jdr-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jdr@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-process-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-process-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jsr77-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsr77@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-security-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-security@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-weld-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-weld@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jsf-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jsf@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-system-jmx-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-system-jmx@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-jpa-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-jpa@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-appclient-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-appclient@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-deployment-scanner-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-deployment-scanner@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-host-controller-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jboss-as-host-controller@7.5.20-1.Final_redhat_1.1.ep6.el7?arch=noarch" } } }, { "category": "product_version", "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product": { "name": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "product_id": "jboss-as-webservices-0:7.5.20-1.Final_redhat_1.1.ep6.el7.noarch", "p