All the vulnerabilites related to Hitachi - Cosminexus Component Container
var-201201-0259
Vulnerability from variot
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Hitachi COBOL2002 Products Unspecified Vulnerability
SECUNIA ADVISORY ID: SA47643
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
RELEASE DATE: 2012-01-20
DISCUSS ADVISORY: http://secunia.com/advisories/47643/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47643/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has reported a vulnerability in some COBOL2002 products, which can be exploited by malicious users to compromise a vulnerable system.
For more information: SA47612
The vulnerability is reported in versions 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F.
SOLUTION: Upgrade to version 02-01-/D.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24
Synopsis
Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2012:0682-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html Issue date: 2012-05-21 CVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 =====================================================================
- Summary:
Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch JBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch
- Description:
Apache Tomcat is a servlet container.
JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.
This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues:
Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)
A flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)
The Java hashCode() method implementation was susceptible to predictable hash collisions. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858)
Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022)
A flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)
A flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)
Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4858.
- Solution:
Users of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 720948 - CVE-2011-2526 tomcat: security manager restrictions bypass 734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure 741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication 750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003) 782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling 783359 - CVE-2012-0022 tomcat: large number of parameters DoS
- Package List:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm
JBoss Enterprise Web Server 1.0 for RHEL 6 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-1184.html https://www.redhat.com/security/data/cve/CVE-2011-2204.html https://www.redhat.com/security/data/cve/CVE-2011-2526.html https://www.redhat.com/security/data/cve/CVE-2011-3190.html https://www.redhat.com/security/data/cve/CVE-2011-3375.html https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2011-5062.html https://www.redhat.com/security/data/cve/CVE-2011-5063.html https://www.redhat.com/security/data/cve/CVE-2011-5064.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html https://issues.jboss.org/browse/JBPAPP-4873 https://issues.jboss.org/browse/JBPAPP-6133 https://issues.jboss.org/browse/JBPAPP-6852
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5 HGbJnvqJAVX57f9/Kpj3+R4= =pyZw -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.
Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along with all other customized configuration files. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. Refer to the JBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly from docs.redhat.com, for information on the most significant bug fixes included in this release.
The following security fixes are also included:
JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Note: If you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
The invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods. Due to the second layer of authentication provided by a security interceptor, this issue is not exploitable on default installations unless an administrator has misconfigured the security interceptor or disabled it. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Note that if you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. Description:
The JBoss Communications Platform (JBCP) is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms (SDPs) and IP Multimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network (NGIN) applications
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "5.5.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.26"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apache tomcat",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "oracle",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruby",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "the php group",
"version": null
},
{
"model": "interstage list works",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage service integrator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"model": "systemwalker software configuration manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker it change manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "interstage xml business activity recorder",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v7.1 to v8.1"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "7.x"
},
{
"model": "interstage web server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise service bus v6.4 to v8.4"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v4.1 to v6.5"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "smart edition"
},
{
"model": "it operations analyzer",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "tomcat",
"scope": "lt",
"trust": 0.8,
"vendor": "apache",
"version": "6.x"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "systemwalker operation manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker it process master",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "developer v7.1 to v8.1"
},
{
"model": "interstage application development cycle manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "none"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "portal v8.2 to v8.3"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise edition v7.1 to v8.1"
},
{
"model": "csview",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "/faq navigator v4 v5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterprise v8.2 to v8.4"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard-r"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "foundation v8.2 to v8.4"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "sip application server st ard edition v7.1 to v8.1"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "development environment v6.1 to v6.5"
},
{
"model": "systemwalker desktop inspection",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.35"
},
{
"model": "websam storage vmware vcenter plug-in",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v1.1"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v7.1 to v8.1"
},
{
"model": "success server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage application server",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "plus developer / apworks / studio"
},
{
"model": "systemwalker service quality coordinator",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "uddi registry v1.1 to v7.1"
},
{
"model": "systemwalker runbook automation",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "serverview",
"scope": "eq",
"trust": 0.8,
"vendor": "fujitsu",
"version": "resource orchestrator cloud edition"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard v8.2 to v8.4"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "interstage list manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard-j edition v4.1 to v6.5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "interstage business application server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v4.1"
},
{
"model": "infocage",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "pc security v1.44 before"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v4.1 to v6.5"
},
{
"model": "internet navigware server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v3.2"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterpriseidentitymanager ver4.1 all versions up to"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "interstage application framework suite",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker availability view",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "interstage shunsaku data manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "interstage form coordinator workflow",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "systemwalker service catalog manager",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": "webotx",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "web edition v4.1 to v6.5"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "st ard edition v7.1 to v8.1"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "websam securemaster",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "enterpriseaccessmanager ver5.0 to ver6.1"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "webotx application server",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "express v8.2 to v8.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "st ard version 6"
},
{
"model": "garoon",
"scope": "eq",
"trust": 0.8,
"vendor": "cybozu",
"version": "2.0.0 to 3.1"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform - messaging"
},
{
"model": "infoframe documentskipper",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v5.1"
},
{
"model": "interstage job workload server",
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:cognos_business_intelligence",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cybozu:garoon",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:csview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infocage",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:infoframe_documentskipper",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:webotx_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:websam_securemaster",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_web_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:serverview",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:success_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
},
{
"db": "PACKETSTORM",
"id": "109367"
},
{
"db": "PACKETSTORM",
"id": "109274"
}
],
"trust": 0.6
},
"cve": "CVE-2011-4858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2011-4858",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4858",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#903934",
"trust": 0.8,
"value": "10.80"
},
{
"author": "NVD",
"id": "CVE-2011-4858",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2011-4858",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL2002 Products Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47643\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47643/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nRELEASE DATE:\n2012-01-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47643/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47643/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has reported a vulnerability in some COBOL2002 products,\nwhich can be exploited by malicious users to compromise a vulnerable\nsystem. \n\nFor more information:\nSA47612\n\nThe vulnerability is reported in versions 01-00, 01-01 through\n01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F. \n\nSOLUTION:\nUpgrade to version 02-01-/D. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: June 24, 2012\n Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n #374619, #382043, #386213, #396401, #399227\n ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat *\u003c 5.5.34 *\u003e= 6.0.35\n *\u003c 6.0.35 \u003e= 7.0.23\n \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - noarch\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch\nRed Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 6) - noarch\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat6 security and bug fix update\nAdvisory ID: RHSA-2012:0682-01\nProduct: JBoss Enterprise Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html\nIssue date: 2012-05-21\nCVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 \n CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 \n CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 \n CVE-2012-0022 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat6 packages that fix multiple security issues and three bugs\nare now available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch\nJBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container. \n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage. \n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application\u0027s\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user\u0027s request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user\u0027s password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server. \n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858. \n\n4. Solution:\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect. \n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n717013 - CVE-2011-2204 tomcat: password disclosure vulnerability\n720948 - CVE-2011-2526 tomcat: security manager restrictions bypass\n734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure\n741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication\n750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)\n782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling\n783359 - CVE-2012-0022 tomcat: large number of parameters DoS\n\n6. Package List:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\n\nJBoss Enterprise Web Server 1.0 for RHEL 6 Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1184.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2204.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2526.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3190.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3375.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4858.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5062.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5063.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5064.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0022.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-6.html\nhttps://issues.jboss.org/browse/JBPAPP-4873\nhttps://issues.jboss.org/browse/JBPAPP-6133\nhttps://issues.jboss.org/browse/JBPAPP-6852\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5\nHGbJnvqJAVX57f9/Kpj3+R4=\n=pyZw\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience. Refer to the\nJBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly\nfrom docs.redhat.com, for information on the most significant bug fixes\nincluded in this release. \n\nThe following security fixes are also included:\n\nJBoss Seam 2 did not properly block access to JBoss Expression Language\n(EL) constructs in page exception handling, allowing arbitrary Java methods\nto be executed. A remote attacker could use this flaw to execute arbitrary\ncode via a specially-crafted URL provided to certain applications based on\nthe JBoss Seam 2 framework. Note: A properly configured and enabled Java\nSecurity Manager would prevent exploitation of this flaw. (CVE-2011-1484)\n\nNote: If you have created custom applications that are packaged with a copy\nof the JBoss Seam 2 library, those applications must be rebuilt with the\nupdated jboss-seam.jar file provided by this update. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nThe invoker servlets, deployed by default via httpha-invoker, only\nperformed access control on the HTTP GET and POST methods, allowing remote\nattackers to make unauthenticated requests by using different HTTP methods. \nDue to the second layer of authentication provided by a security\ninterceptor, this issue is not exploitable on default installations unless\nan administrator has misconfigured the security interceptor or disabled it. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nNote that if you have created custom applications that are packaged with a\ncopy of the JBoss Seam 2 library, those applications must be rebuilt with\nthe updated jboss-seam.jar file provided by this update. Description:\n\nThe JBoss Communications Platform (JBCP) is an open source VoIP platform\ncertified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as\na high performance core for Service Delivery Platforms (SDPs) and IP\nMultimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence\nof data and video in Next-Generation Intelligent Network (NGIN)\napplications",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4858"
},
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "PACKETSTORM",
"id": "108860"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
},
{
"db": "PACKETSTORM",
"id": "109367"
},
{
"db": "PACKETSTORM",
"id": "109274"
}
],
"trust": 3.15
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4858"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903934",
"trust": 2.7
},
{
"db": "NVD",
"id": "CVE-2011-4858",
"trust": 2.6
},
{
"db": "OCERT",
"id": "OCERT-2011-003",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "48791",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48790",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "48549",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "54971",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "55115",
"trust": 1.1
},
{
"db": "BID",
"id": "51200",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "47643",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "2012",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2011-4858",
"trust": 0.1
},
{
"db": "HITACHI",
"id": "HS12-002",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "108860",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "114139",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "111783",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "112906",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "110084",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109272",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109367",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "109274",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "PACKETSTORM",
"id": "108860"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
},
{
"db": "PACKETSTORM",
"id": "109367"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"id": "VAR-201201-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26205936
},
"last_update_date": "2024-11-29T22:15:39.169000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Changelog",
"trust": 0.8,
"url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
},
{
"title": "HS12-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-019/index.html"
},
{
"title": "HS12-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-003/index.html"
},
{
"title": "1626697",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697"
},
{
"title": "4034373",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373"
},
{
"title": "NV12-003",
"trust": 0.8,
"url": "http://www.nec.co.jp/security-info/secinfo/nv12-003.html"
},
{
"title": "Bug 750521",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java"
},
{
"title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java1",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1"
},
{
"title": "Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat",
"trust": 0.8,
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos"
},
{
"title": "CY12-02-006",
"trust": 0.8,
"url": "http://cs.cybozu.co.jp/information/20120224up08.php"
},
{
"title": "interstage_as_201201",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html"
},
{
"title": "HS12-019",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html"
},
{
"title": "HS12-003",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-003/index.html"
},
{
"title": "\u3010iStorage M\u30b7\u30ea\u30fc\u30ba\u3011WebSAM Storage VMware vCenter Plug-inV1.1\u304c\u4f7f\u7528\u3057\u3066\u3044\u308bApache Tomcat\u8106\u5f31\u6027\u554f\u984c\u306e\u5bfe\u51e6\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "http://www.support.nec.co.jp/View.aspx?id=3140100906"
},
{
"title": "WebOTX Web\u30b3\u30f3\u30c6\u30ca \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2011-4858\uff09\u306b\u3064\u3044\u3066",
"trust": 0.8,
"url": "https://www.support.nec.co.jp/View.aspx?id=3010100358"
},
{
"title": "InfoCage PC\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 - \u91cd\u8981\u306a\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.nec.co.jp/cced/infocage/info/pc_security_news120329.html"
},
{
"title": "Red Hat: Moderate: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120475 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat5 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120474 - Security Advisory"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120074 - Security Advisory"
},
{
"title": "Red Hat: Important: jbossweb security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120076 - Security Advisory"
},
{
"title": "Ubuntu Security Notice: tomcat6 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1359-1"
},
{
"title": "Red Hat: Moderate: tomcat5 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120680 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat6 security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120682 - Security Advisory"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2011-4084 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.ocert.org/advisories/ocert-2011-003.html"
},
{
"trust": 1.9,
"url": "http://www.nruns.com/_downloads/advisory28122011.pdf"
},
{
"trust": 1.9,
"url": "http://www.kb.cert.org/vuls/id/903934"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0074.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0325.html"
},
{
"trust": 1.2,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0078.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html"
},
{
"trust": 1.1,
"url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2012/dsa-2401"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48791"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48790"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/54971"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/55115"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0089.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0406.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0075.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0076.html"
},
{
"trust": 1.1,
"url": "http://rhn.redhat.com/errata/rhsa-2012-0077.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/51200"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18886"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/48549"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2"
},
{
"trust": 1.0,
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106%40apache.org%3e"
},
{
"trust": 0.8,
"url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf"
},
{
"trust": 0.8,
"url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx"
},
{
"trust": 0.8,
"url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4858"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu903934"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4858"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4858.html"
},
{
"trust": 0.6,
"url": "http://bugzilla.redhat.com/):"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2012-0022.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5063.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-2526.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5064.html"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1184.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064"
},
{
"trust": 0.5,
"url": "https://www.redhat.com/security/data/cve/cve-2011-5062.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4610.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4610"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/kb/docs/doc-11259"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.2,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 0.2,
"url": "https://docs.redhat.com/docs/en-us/index.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/399.html"
},
{
"trust": 0.1,
"url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106@apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2012:0475"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2011-4084"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/1359-1/"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/2012/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24901"
},
{
"trust": 0.1,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-002/index.html"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47643/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/47643/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/glsa/glsa-201206-24.xml"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0475.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-2204.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/browse/jbpapp-6852"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3375.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-3190.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0682.html"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/browse/jbpapp-6133"
},
{
"trust": 0.1,
"url": "https://issues.jboss.org/browse/jbpapp-4873"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=5.2.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=soaplatform\u0026downloadtype=securitypatches\u0026version=5.2.0+ga"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jbportal\u0026downloadtype=securitypatches\u0026version=5.2.0"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-4085"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2011-1484"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jbportal\u0026version=4.3+cp07"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-1484.html"
},
{
"trust": 0.1,
"url": "https://rhn.redhat.com/errata/rhsa-2012-0091.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2011-4085.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=communications.platform\u0026downloadtype=distributions"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "PACKETSTORM",
"id": "108860"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
},
{
"db": "PACKETSTORM",
"id": "109367"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#903934"
},
{
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"db": "PACKETSTORM",
"id": "108860"
},
{
"db": "PACKETSTORM",
"id": "114139"
},
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
},
{
"db": "PACKETSTORM",
"id": "109367"
},
{
"db": "PACKETSTORM",
"id": "109274"
},
{
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-28T00:00:00",
"db": "CERT/CC",
"id": "VU#903934"
},
{
"date": "2012-01-05T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"date": "2012-01-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"date": "2012-01-20T08:20:03",
"db": "PACKETSTORM",
"id": "108860"
},
{
"date": "2012-06-24T23:54:31",
"db": "PACKETSTORM",
"id": "114139"
},
{
"date": "2012-04-12T03:14:12",
"db": "PACKETSTORM",
"id": "111783"
},
{
"date": "2012-05-22T00:21:41",
"db": "PACKETSTORM",
"id": "112906"
},
{
"date": "2012-02-23T04:44:48",
"db": "PACKETSTORM",
"id": "110084"
},
{
"date": "2012-02-01T02:55:02",
"db": "PACKETSTORM",
"id": "109272"
},
{
"date": "2012-02-03T00:18:35",
"db": "PACKETSTORM",
"id": "109367"
},
{
"date": "2012-02-01T02:55:27",
"db": "PACKETSTORM",
"id": "109274"
},
{
"date": "2012-01-05T19:55:01.033000",
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CERT/CC",
"id": "VU#903934"
},
{
"date": "2018-01-09T00:00:00",
"db": "VULMON",
"id": "CVE-2011-4858"
},
{
"date": "2013-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001003"
},
{
"date": "2024-11-21T01:33:07.977000",
"db": "NVD",
"id": "CVE-2011-4858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "111783"
},
{
"db": "PACKETSTORM",
"id": "112906"
},
{
"db": "PACKETSTORM",
"id": "110084"
},
{
"db": "PACKETSTORM",
"id": "109272"
}
],
"trust": 0.4
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hash table implementations vulnerable to algorithmic complexity attacks",
"sources": [
{
"db": "CERT/CC",
"id": "VU#903934"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "114139"
}
],
"trust": 0.1
}
}
var-201704-1034
Vulnerability from variot
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. The following versions are affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M11. Apache Tomcat 8.5.0 to 8.5.6. Apache Tomcat 8.0.0.RC1 to 8.0.38. Apache Tomcat 7.0.0 to 7.0.72. Apache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update Advisory ID: RHSA-2017:0455-01 Product: Red Hat JBoss Web Server Advisory URL: https://access.redhat.com/errata/RHSA-2017:0455 Issue date: 2015-11-12 Updated on: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server 3 for RHEL 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-3092)
-
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other then their own. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
This enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to Red Hat Enterprise Linux 6. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- JIRA issues fixed (https://issues.jboss.org/):
JWS-267 - RHEL 6 Errata JIRA
- Package List:
Red Hat JBoss Web Server 3.1 for RHEL 6:
Source: hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm tomcat7-7.0.70-16.ep7.el6.src.rpm tomcat8-8.0.36-17.ep7.el6.src.rpm
i386: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm
noarch: hibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm hibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm jbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm jbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm mod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm mod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm tomcat7-7.0.70-16.ep7.el6.noarch.rpm tomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm tomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm tomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm tomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm tomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm tomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm tomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm tomcat8-8.0.36-17.ep7.el6.noarch.rpm tomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm tomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm tomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm tomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm tomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm tomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm tomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm tomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm
ppc64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm
x86_64: jbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm jbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm tomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm tomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw /PBR7pUGLbNA0xtWDwAi0Xk= =Y+gP -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3738-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond December 18, 2016 https://www.debian.org/security/faq
Package : tomcat7 CVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775 Debian Bug : 802312 845385 845393
Multiple security vulnerabilities were discovered in the Tomcat servlet and JSP engine, as well as in its Debian-specific maintainer scripts. Those flaws allowed for privilege escalation, information disclosure, and remote code execution.
For the stable distribution (jessie), these problems have been fixed in version 7.0.56-3+deb8u6.
For the testing (stretch) and unstable (sid) distributions, these problems have been fixed in version 7.0.72-3.
We recommend that you upgrade your tomcat7 packages.
The References section of this erratum contains a download link (you must log in to download the update). =========================================================================== Ubuntu Security Notice USN-3177-2 February 02, 2017
tomcat6, tomcat7 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
USN-3177-1 introduced a regression in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
USN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a regression in environments where Tomcat is started with a security manager. This update fixes the problem.
We apologize for the inconvenience. A remote attacker could possibly use this issue to enumerate usernames. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5018) It was discovered that Tomcat did not protect applications from untrusted data in the HTTP_PROXY environment variable. A remote attacker could possibly use this issue to redirect outbound traffic to an arbitrary proxy server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-5388) It was discovered that Tomcat incorrectly controlled reading system properties. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816) Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not implement a recommended fix. (CVE-2016-8745) Paul Szabo discovered that the Tomcat package incorrectly handled upgrades and removals. A local attacker could possibly use this issue to obtain root privileges. (CVE-2016-9774, CVE-2016-9775)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS: libtomcat7-java 7.0.52-1ubuntu0.9 tomcat7 7.0.52-1ubuntu0.9
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.10 tomcat6 6.0.35-1ubuntu3.10
In general, a standard system update will make all the necessary changes. (JIRA#JWS-268)
4
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1034",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.2.4181"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.4"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.0"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.1"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.7.1"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2.1.0"
},
{
"model": "communications application session controller",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "3.8.0"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "communications interactive session recorder",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "snap creator framework",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "7-mode transition tool",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.6.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.5"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.0"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.7"
},
{
"model": "mysql enterprise monitor",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.4.0"
},
{
"model": "communications instant messaging server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.0.1"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.3"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.7.7"
},
{
"model": "micros relate crm software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "11.4"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.0"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.2"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.3.4.3247"
},
{
"model": "agile engineering data management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.1.3"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.6"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.8.0"
},
{
"model": "jboss enterprise web server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "3.0.0"
},
{
"model": "agile plm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "9.3.5"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "tomcat",
"scope": "gte",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "hospitality guest access",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "4.2.0"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "micros retail xbri loss prevention",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "10.5.0"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.7"
},
{
"model": "mysql enterprise monitor",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "3.2.8.2223"
},
{
"model": "transportation management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "6.3.6"
},
{
"model": "oncommand shift",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "retail convenience and fuel pos software",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "2.1.132"
},
{
"model": "tomcat",
"scope": "lt",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.72"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat 8.0.0.rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat rc5",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc2",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc10",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ubuntu",
"sources": [
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.9
},
"cve": "CVE-2016-8735",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-8735",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-8735",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-8735",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn\u0027t updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a remote code-execution vulnerability. \nSuccessfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. \nThe following versions are affected:\nApache Tomcat 9.0.0.M1 to 9.0.0.M11. \nApache Tomcat 8.5.0 to 8.5.6. \nApache Tomcat 8.0.0.RC1 to 8.0.38. \nApache Tomcat 7.0.0 to 7.0.72. \nApache Tomcat 6.0.0 to 6.0.47. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server 3.1.0 security and enhancement update\nAdvisory ID: RHSA-2017:0455-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:0455\nIssue date: 2015-11-12\nUpdated on: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server 3 for RHEL 6. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6 - i386, noarch, ppc64, x86_64\n\n3. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. (CVE-2016-3092)\n\n* It was discovered that the code that parsed the HTTP request line\npermitted invalid characters. This could be exploited, in conjunction with\na proxy that also permitted the invalid characters but with a different\ninterpretation, to inject data into the HTTP response. By manipulating the\nHTTP response the attacker could poison a web-cache, perform an XSS attack,\nor obtain sensitive information from requests other then their own. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\nThis enhancement update adds the Red Hat JBoss Web Server 3.1.0 packages to\nRed Hat Enterprise Linux 6. These packages provide a number of enhancements\nover the previous version of Red Hat JBoss Web Server. (JIRA#JWS-267)\n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. \n\n4. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n6. JIRA issues fixed (https://issues.jboss.org/):\n\nJWS-267 - RHEL 6 Errata JIRA\n\n7. Package List:\n\nRed Hat JBoss Web Server 3.1 for RHEL 6:\n\nSource:\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.src.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.src.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.src.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.src.rpm\ntomcat7-7.0.70-16.ep7.el6.src.rpm\ntomcat8-8.0.36-17.ep7.el6.src.rpm\n\ni386:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.i686.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.i686.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.i686.rpm\n\nnoarch:\nhibernate4-c3p0-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-core-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-entitymanager-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\nhibernate4-envers-eap6-4.2.23-1.Final_redhat_1.1.ep6.el6.noarch.rpm\njbcs-httpd24-apache-commons-daemon-1.0.15-1.redhat_2.1.jbcs.el6.noarch.rpm\njbcs-httpd24-runtime-1-3.jbcs.el6.noarch.rpm\nmod_cluster-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat7-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\nmod_cluster-tomcat8-1.3.5-2.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat-vault-1.0.8-9.Final_redhat_2.1.ep7.el6.noarch.rpm\ntomcat7-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-admin-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-docs-webapp-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-el-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-javadoc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsp-2.2-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-jsvc-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-lib-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-log4j-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-selinux-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-servlet-3.0-api-7.0.70-16.ep7.el6.noarch.rpm\ntomcat7-webapps-7.0.70-16.ep7.el6.noarch.rpm\ntomcat8-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-admin-webapps-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-docs-webapp-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-el-2.2-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-javadoc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsp-2.3-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-jsvc-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-lib-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-log4j-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-selinux-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-servlet-3.1-api-8.0.36-17.ep7.el6.noarch.rpm\ntomcat8-webapps-8.0.36-17.ep7.el6.noarch.rpm\n\nppc64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.ppc64.rpm\n\nx86_64:\njbcs-httpd24-apache-commons-daemon-jsvc-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\njbcs-httpd24-apache-commons-daemon-jsvc-debuginfo-1.0.15-17.redhat_2.jbcs.el6.x86_64.rpm\ntomcat-native-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\ntomcat-native-debuginfo-1.2.8-9.redhat_9.ep7.el6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n8. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\n\n9. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvww0XlSAg2UNWIIRAnJlAJ9c1cyDXP1/dI30fGjC0wJVDGbw3QCfbnXw\n/PBR7pUGLbNA0xtWDwAi0Xk=\n=Y+gP\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3738-1 security@debian.org\nhttps://www.debian.org/security/ Sebastien Delafond\nDecember 18, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : tomcat7\nCVE ID : CVE-2016-6816 CVE-2016-8735 CVE-2016-9774 CVE-2016-9775\nDebian Bug : 802312 845385 845393\n\nMultiple security vulnerabilities were discovered in the Tomcat\nservlet and JSP engine, as well as in its Debian-specific maintainer\nscripts. Those flaws allowed for privilege escalation, information\ndisclosure, and remote code execution. \n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 7.0.56-3+deb8u6. \n\nFor the testing (stretch) and unstable (sid) distributions, these\nproblems have been fixed in version 7.0.72-3. \n\nWe recommend that you upgrade your tomcat7 packages. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n===========================================================================\nUbuntu Security Notice USN-3177-2\nFebruary 02, 2017\n\ntomcat6, tomcat7 regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nUSN-3177-1 introduced a regression in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nUSN-3177-1 fixed vulnerabilities in Tomcat. The update introduced a\nregression in environments where Tomcat is started with a security manager. \nThis update fixes the problem. \n\nWe apologize for the inconvenience. A remote attacker could possibly\n use this issue to enumerate usernames. This issue only applied to Ubuntu\n 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could\n possibly use this to bypass Security Manager restrictions. This issue only\n applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. \n (CVE-2016-5018)\n It was discovered that Tomcat did not protect applications from untrusted\n data in the HTTP_PROXY environment variable. A remote attacker could\n possibly use this issue to redirect outbound traffic to an arbitrary proxy\n server. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and\n Ubuntu 16.04 LTS. (CVE-2016-5388)\n It was discovered that Tomcat incorrectly controlled reading system\n properties. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. A malicious application could possibly use this to bypass\n Security Manager restrictions. This issue only applied to Ubuntu 12.04 LTS,\n Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This issue only applied to\n Ubuntu 12.04 LTS, Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-6816)\n Pierre Ernst discovered that the Tomcat JmxRemoteLifecycleListener did not\n implement a recommended fix. (CVE-2016-8745)\n Paul Szabo discovered that the Tomcat package incorrectly handled upgrades\n and removals. A local attacker could possibly use this issue to obtain\n root privileges. (CVE-2016-9774, CVE-2016-9775)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 LTS:\n libtomcat7-java 7.0.52-1ubuntu0.9\n tomcat7 7.0.52-1ubuntu0.9\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.10\n tomcat6 6.0.35-1ubuntu3.10\n\nIn general, a standard system update will make all the necessary changes. \n(JIRA#JWS-268)\n\n4",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-8735",
"trust": 3.5
},
{
"db": "BID",
"id": "94463",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037331",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159413",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3415",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-8735",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141509",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140199",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140692",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140905",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141510",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"id": "VAR-201704-1034",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2024-11-28T21:22:18.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Fixes for remote code execution vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66050"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2016-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-777"
},
{
"title": "Amazon Linux AMI: ALAS-2016-778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-778"
},
{
"title": "Red Hat: CVE-2016-8735",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-8735"
},
{
"title": "Amazon Linux AMI: ALAS-2016-776",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-776"
},
{
"title": "Debian Security Advisories: DSA-3738-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8828b9876ebd1ef3e89b0ed4e9499abe"
},
{
"title": "Debian Security Advisories: DSA-3739-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=98ef9e44fdad2be0b98f03550515e81a"
},
{
"title": "Arch Linux Advisories: [ASA-201611-22] tomcat6: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201611-22"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-2"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9774: privilege escalation via upgrade",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8cd48a33e8df530a4a18a79eb337a877"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9775: privilege escalation via removal",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e3359df45e6e8201a268a6c465717fa5"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - July 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=5f8c525f1408011628af1792207b2099"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=e2a7f287e9acc8c64ab3df71130bc64d"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/QChiLan/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/qashqao/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/milkdevil/jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/syadg123/exboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/bibortone/Jexboss "
},
{
"title": "JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool",
"trust": 0.1,
"url": "https://github.com/gyanaa/https-github.com-joaomatosf-jexboss "
},
{
"title": "PentestNote\n\u524d\u671f\u4fe1\u606f\u6536\u96c6\n\u6f0f\u6d1e\u653b\u51fb\n\u9c7c\u53c9\u653b\u51fb\n\u6743\u9650\u7ef4\u6301\n\u75d5\u8ff9\u6e05\u7406\n\u6a2a\u5411\u79fb\u52a8\n\u57df\u4fe1\u606f\u6536\u96c6\n\u5185\u7f51\u6e17\u900f\u5408\u96c6\npayload\u751f\u6210\npayload\u4e0b\u8f7d\u0026\u767d\u540d\u5355bypass\n\u514d\u6740\n\u53cd\u5f39shell\nlinux\u547d\u4ee4\u7b14\u8bb0\ndocker\u547d\u4ee4\u7b14\u8bb0\nubuntu\u8e29\u5751\u8bb0\u5f55\ngit \u7b14\u8bb0\n\u7f16\u7a0b\u8bed\u8a00\u5b66\u4e60\u7b14\u8bb0\n\u8bfb\u4e66\u7b14\u8bb0\n\u6f0f\u6d1e\u7b14\u8bb0",
"trust": 0.1,
"url": "https://github.com/safe6Sec/PentestNote "
},
{
"title": "cyber-security-interview",
"trust": 0.1,
"url": "https://github.com/7hang/cyber-security-interview "
},
{
"title": "==========================================\nJok3r - Network and Web Pentest Framework\n=============\nMain features\n============\nInstallation\n====================\nQuick usage examples\n======================\nTypical usage example\n==================\nFull Documentation\n============================================================\nSupported Services \u0026 Security Checks (Updated on 24/10/2018)",
"trust": 0.1,
"url": "https://github.com/oneplus-x/jok3r "
},
{
"title": "https://github.com/yottaiq/jok3r",
"trust": 0.1,
"url": "https://github.com/yottaiq/jok3r "
},
{
"title": "https://github.com/trganda/dockerv",
"trust": 0.1,
"url": "https://github.com/trganda/dockerv "
},
{
"title": "https://github.com/girlkb/myVulnerabilityRecurrence",
"trust": 0.1,
"url": "https://github.com/girlkb/myVulnerabilityRecurrence "
},
{
"title": "https://github.com/woods-sega/woodswiki",
"trust": 0.1,
"url": "https://github.com/woods-sega/woodswiki "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/virgilcj/jok3r "
},
{
"title": "https://github.com/Transmetal/jok3r",
"trust": 0.1,
"url": "https://github.com/Transmetal/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/84KaliPleXon3/jok3r "
},
{
"title": "Jok3r v3 beta",
"trust": 0.1,
"url": "https://github.com/koutto/jok3r "
},
{
"title": "https://github.com/password520/RedTeamer",
"trust": 0.1,
"url": "https://github.com/password520/RedTeamer "
},
{
"title": "https://github.com/klionsec/RedTeamer",
"trust": 0.1,
"url": "https://github.com/klionsec/RedTeamer "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/klausware/Java-Deserialization-Cheat-Sheet "
},
{
"title": "https://github.com/superfish9/pt",
"trust": 0.1,
"url": "https://github.com/superfish9/pt "
},
{
"title": "https://github.com/20142995/pocsuite3",
"trust": 0.1,
"url": "https://github.com/20142995/pocsuite3 "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet "
},
{
"title": "Java-Deserialization-Cheat-Sheet",
"trust": 0.1,
"url": "https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet "
},
{
"title": "Java-Deserialization-CVEs",
"trust": 0.1,
"url": "https://github.com/PalindromeLabs/Java-Deserialization-CVEs "
},
{
"title": "SecBooks\nSecBooks\u76ee\u5f55",
"trust": 0.1,
"url": "https://github.com/SexyBeast233/SecBooks "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94463"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 2.0,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767684"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767676"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767656"
},
{
"trust": 1.7,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1767644"
},
{
"trust": 1.7,
"url": "http://seclists.org/oss-sec/2016/q4/502"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037331"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"trust": 1.7,
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3415/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159413/ubuntu-security-notice-usn-4557-1.html"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9775"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-9774"
},
{
"trust": 0.2,
"url": "http://www.ubuntu.com/usn/usn-3177-1"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5388"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/284.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=49851"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/joaomatosf/jexboss"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3177-2/"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.9"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.37-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat8/8.0.32-1ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.8"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.45+dfsg-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/4557-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.9"
},
{
"trust": 0.1,
"url": "http://www.ubuntu.com/usn/usn-3177-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.10"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1659589"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"db": "BID",
"id": "94463"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "141509"
},
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "PACKETSTORM",
"id": "141510"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-06T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2016-11-08T00:00:00",
"db": "BID",
"id": "94463"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2017-03-08T00:54:47",
"db": "PACKETSTORM",
"id": "141509"
},
{
"date": "2016-12-18T13:55:00",
"db": "PACKETSTORM",
"id": "140199"
},
{
"date": "2017-01-24T01:06:55",
"db": "PACKETSTORM",
"id": "140692"
},
{
"date": "2020-09-30T15:53:50",
"db": "PACKETSTORM",
"id": "159413"
},
{
"date": "2017-03-08T00:57:19",
"db": "PACKETSTORM",
"id": "141513"
},
{
"date": "2017-02-03T15:51:19",
"db": "PACKETSTORM",
"id": "140905"
},
{
"date": "2017-03-08T00:55:08",
"db": "PACKETSTORM",
"id": "141510"
},
{
"date": "2016-11-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2017-04-06T21:59:00.243000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-8735"
},
{
"date": "2017-05-23T16:26:00",
"db": "BID",
"id": "94463"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-609"
},
{
"date": "2024-11-21T02:59:57.203000",
"db": "NVD",
"id": "CVE-2016-8735"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "140199"
},
{
"db": "PACKETSTORM",
"id": "140692"
},
{
"db": "PACKETSTORM",
"id": "159413"
},
{
"db": "PACKETSTORM",
"id": "140905"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-609"
}
],
"trust": 0.6
}
}
var-201404-0585
Vulnerability from variot
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Hitachi Incident Response Team (HIRT) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a malformed request may cause the condition that the target system does not respond. Attackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. The following products are vulnerable: Apache Commons FileUpload 1.0 through versions 1.3 Apache Tomcat 8.0.0-RC1 through versions 8.0.1 Apache Tomcat 7.0.0 through versions 7.0.50. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2015:084 http://www.mandriva.com/en/support/security/
Package : tomcat Date : March 28, 2015 Affected: Business Server 2.0
Problem Description:
Updated tomcat package fixes security vulnerabilities:
It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition (CVE-2014-0050).
Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat internals information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590). The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4 9yRzhuJFw0DWd+dOc4antEU= =SHMh -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update Advisory ID: RHSA-2014:0400-03 Product: Red Hat JBoss Fuse Advisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html Issue date: 2014-04-14 CVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 CVE-2014-0085 CVE-2014-1904 =====================================================================
- Summary:
Red Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal.
The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
Red Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat JBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to the Release Notes document, available from the link in the References section, for a list of changes.
- Description:
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform.
Security fixes:
A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block. (CVE-2013-2172)
A flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle attacker could possibly use this flaw to unilaterally disable bidirectional authentication between a client and a server, forcing a downgrade to simple (unidirectional) authentication. This flaw only affected users who have enabled Hadoop's Kerberos security features. (CVE-2013-2192)
It was discovered that the Spring OXM wrapper did not expose any property for disabling entity resolution when using the JAXB unmarshaller. A remote attacker could use this flaw to conduct XML External Entity (XXE) attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-4152)
It was discovered that the Apache Santuario XML Security for Java project allowed Document Type Definitions (DTDs) to be processed when applying Transforms even when secure validation was enabled. A remote attacker could use this flaw to exhaust all available memory on the system, causing a denial of service. (CVE-2013-4517)
It was found that the Spring MVC SourceHttpMessageConverter enabled entity resolution by default. A remote attacker could use this flaw to conduct XXE attacks on web sites, and read files in the context of the user running the application server. (CVE-2013-6429)
The Spring JavaScript escape method insufficiently escaped some characters. Applications using this method to escape user-supplied content, which would be rendered in HTML5 documents, could be exposed to cross-site scripting (XSS) flaws. (CVE-2013-6430)
A denial of service flaw was found in the way Apache Commons FileUpload handled small-sized buffers used by MultipartStream. (CVE-2014-0050)
It was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues in Spring were incomplete. Spring MVC processed user-provided XML and neither disabled XML external entities nor provided an option to disable them, possibly allowing a remote attacker to conduct XXE attacks. (CVE-2014-0054)
A cross-site scripting (XSS) flaw was found in the Spring Framework when using Spring MVC. When the action was not specified in a Spring form, the action field would be populated with the requested URI, allowing an attacker to inject malicious content into the form. (CVE-2014-1904)
The HawtJNI Library class wrote native libraries to a predictable file name in /tmp when the native libraries were bundled in a JAR file, and no custom library path was specified. A local attacker could overwrite these native libraries with malicious versions during the window between when HawtJNI writes them and when they are executed. (CVE-2013-2035)
An information disclosure flaw was found in the way Apache Zookeeper stored the password of an administrative user in the log files. A local user with access to these log files could use the exposed sensitive information to gain administrative access to an application using Apache Zookeeper. (CVE-2014-0085)
The CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035 issue was discovered by Florian Weimer of the Red Hat Product Security Team, and the CVE-2014-0085 issue was discovered by Graeme Colman of Red Hat.
- Solution:
All users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution 999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing 1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw 1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability 1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters 1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack 1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw 1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging 1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC 1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429
- References:
https://www.redhat.com/security/data/cve/CVE-2013-2035.html https://www.redhat.com/security/data/cve/CVE-2013-2172.html https://www.redhat.com/security/data/cve/CVE-2013-2192.html https://www.redhat.com/security/data/cve/CVE-2013-4152.html https://www.redhat.com/security/data/cve/CVE-2013-4517.html https://www.redhat.com/security/data/cve/CVE-2013-6429.html https://www.redhat.com/security/data/cve/CVE-2013-6430.html https://www.redhat.com/security/data/cve/CVE-2014-0050.html https://www.redhat.com/security/data/cve/CVE-2014-0054.html https://www.redhat.com/security/data/cve/CVE-2014-0085.html https://www.redhat.com/security/data/cve/CVE-2014-1904.html https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=distributions&version=6.1.0 https://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2014 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0 4iA38miFgmWgRtUp0Xztb6E= =/1+z -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library.
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. (CVE-2013-4286)
It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied, and back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). Bugs fixed (https://bugzilla.redhat.com/):
1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream 1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
-
Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c04657823
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04657823 Version: 1
HPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2015-05-11 Last Updated: 2015-05-11
Potential Security Impact: Remote Denial of Service (DoS), Distributed Denial of Service (DDoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP SDN VAN Controller. The vulnerabilities could be remotely exploited resulting in Denial of Service (DoS) or a Distributed Denial of Service (DDoS).
References:
CVE-2014-0050 Remote Denial of Service (DoS)
CVE-2015-2122 Remote Distributed Denial of Service (DDoS)
SSRT102049
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP SDN VAN Controller version 2.5 and earlier.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2014-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2015-2122 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP recommends either of the two following workarounds for the vulnerabilities in the HP SDN VAN Controller.
-
The network for the server running the HP SDN VAN Controller management VLAN should be on a separate and isolated "management" VLAN.
-
Configure the firewall on the server running HP SDN VAN Controller so that the only network traffic allowed to the REST port is from trusted servers on the network that need to use the REST layer. For example: the Microsoft Lync Server for Optimizer.
For more detailed information, please refer to the "Securing REST layer Access on HP VAN SDN Controllers" article at the following location:
http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=em r_na-c04676756
HISTORY Version:1 (rev.1) - 11 May 2015 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2015 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-2130-1 March 06, 2014
tomcat6, tomcat7 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
Several security issues were fixed in Tomcat.
Software Description: - tomcat7: Servlet and JSP engine - tomcat6: Servlet and JSP engine
Details:
It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. (CVE-2013-4322)
It was discovered that Tomcat incorrectly applied the disableURLRewriting setting when handling a session id in a URL. This issue only applied to Ubuntu 12.04 LTS. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. (CVE-2014-0050)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10: libtomcat7-java 7.0.42-1ubuntu0.1
Ubuntu 12.10: libtomcat7-java 7.0.30-0ubuntu1.3
Ubuntu 12.04 LTS: libtomcat6-java 6.0.35-1ubuntu3.4
Ubuntu 10.04 LTS: libtomcat6-java 6.0.24-2ubuntu1.15
In general, a standard system update will make all the necessary changes. Details on the update and each vulnerability are in the KM articles below.
Note: The resolution for each vulnerability listed is to upgrade to SiteScope 11.32IP2 or an even more recent version of SiteScope if available. The SiteScope update can be can found in the personal zone in "my updates" in HPE Software Support Online: https://softwaresupport.hpe.com. The patch for this flaw disables external entity processing by default, and provides a configuration directive to re-enable it. The patch for this flaw disables external entity processing by default, and introduces a property to re-enable it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0585",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.5,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.2"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.2"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "1.0"
},
{
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service platform )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus primary server base )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 1.2,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "retail applications",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.0in"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "commons fileupload",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "1.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server )",
"scope": "eq",
"trust": 0.9,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 to 7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0-rc1 to 8.0.1"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.8,
"vendor": "apache",
"version": "1.0 to 1.3"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service platform (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service platform hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service architect )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus primary server base (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus primary server base",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server-r )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server (windows(x8",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server (windows(x6",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server hp-ux",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "programming environment for java )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "cosminexus component container )",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "cosminexus component container window",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"model": "cosminexus component container",
"scope": "ne",
"trust": 0.6,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"model": "vcenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.0"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.5"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.1"
},
{
"model": "vcenter orchestrator",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "4.2"
},
{
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.1"
},
{
"model": "vcenter operations management suite",
"scope": "eq",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "13.10"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.10"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "12.04"
},
{
"model": "linux 10.04.lts",
"scope": null,
"trust": 0.3,
"vendor": "ubuntu",
"version": null
},
{
"model": "linux enterprise server sp3 for vmware",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "suse",
"version": "11"
},
{
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.54"
},
{
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.33"
},
{
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.32"
},
{
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.31"
},
{
"model": "internet sales",
"scope": "eq",
"trust": 0.3,
"vendor": "sap",
"version": "7.30"
},
{
"model": "opensuse",
"scope": "eq",
"trust": 0.3,
"vendor": "s u s e",
"version": "12.3"
},
{
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.1"
},
{
"model": "jboss operations network",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "3.2.0"
},
{
"model": "jboss fuse service works",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "jboss fuse",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "jboss enterprise web server el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "jboss enterprise web server el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "2.0"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2.1"
},
{
"model": "jboss enterprise application platform",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "jboss enterprise application platform el6",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "jboss enterprise application platform el5",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"model": "jboss brms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.1"
},
{
"model": "jboss bpms",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "jboss a-mq",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.0.0"
},
{
"model": "fuse esb enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.1.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server eus 6.5.z",
"scope": null,
"trust": 0.3,
"vendor": "redhat",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "weblogic portal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.3.6.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.18.0"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.6.2"
},
{
"model": "webcenter sites",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.1.1.6.1"
},
{
"model": "retail returns management rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail returns management 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail returns management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail open commerce platform",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "retail central office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail central office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail central office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "retail back office rm2.0",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "14.0"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.4"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.3"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.2"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.1"
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "13.0"
},
{
"model": "retail back office 12.0in",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "retail back office",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0.10"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.16"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.15"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.14"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3.13"
},
{
"model": "mysql enterprise monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "health sciences empirica study",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1.2.0"
},
{
"model": "health sciences empirica signal",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7.3.3.3"
},
{
"model": "health sciences empirica inspections",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.0.1.0"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.2"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.2"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.1"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.0"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.4"
},
{
"model": "endeca information discovery studio",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.3"
},
{
"model": "communications service broker engineered system edition",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications service broker",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.0"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "12.1.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10.4.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.9.1"
},
{
"model": "communications policy management",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "9.7.3"
},
{
"model": "communications online mediation controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "communications converged application server service controller",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.1.00.10"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.3"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.1.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2.0.00.27"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "3.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.2"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.1"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "2.0"
},
{
"model": "application express",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "1.5"
},
{
"model": "application express 1.1-ea",
"scope": null,
"trust": 0.3,
"vendor": "oracle",
"version": null
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1x8664"
},
{
"model": "business server",
"scope": "eq",
"trust": 0.3,
"vendor": "mandriva",
"version": "1"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere portal",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere message broker for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere message broker",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.0"
},
{
"model": "websphere lombardi edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1.0"
},
{
"model": "websphere extended deployment compute grid",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0.0"
},
{
"model": "websphere extended deployment compute",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "websphere dashboard framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "websphere business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "websphere application server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.1"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.1"
},
{
"model": "web experience factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.3"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.2"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.1"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.0.1"
},
{
"model": "urbancode release",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.13"
},
{
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.12"
},
{
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.11"
},
{
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1"
},
{
"model": "urbancode deploy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1100"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1000"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.1000"
},
{
"model": "tivoli storage manager operations center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4100"
},
{
"model": "tivoli remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.1.2"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.1"
},
{
"model": "tivoli endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2.1"
},
{
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "tivoli endpoint manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "tivoli composite application manager for application diagnostics",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "tivoli asset discovery for distributed",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2.0"
},
{
"model": "tivoli application dependency discovery manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.21"
},
{
"model": "support assistant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.40"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.20"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.3.2"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.1"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.2.0"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.1"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.1.0"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.4.0.4"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.2.3"
},
{
"model": "storwize unified software",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v70001.3.0.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.7"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.6"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.5"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.2"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.6"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.0"
},
{
"model": "sterling secure proxy",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.3.01"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.41"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4.1"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.4"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.3"
},
{
"model": "sterling control center",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "sametime proxy server and web client",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.1"
},
{
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0"
},
{
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2.1"
},
{
"model": "sametime meeting server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.5"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.4"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.3"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational team concert",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.01"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0"
},
{
"model": "rational software architect design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "rational rhapsody design manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational requirements composer ifix1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.16"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.04"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.02"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.01"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.2"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.3"
},
{
"model": "rational requirements composer",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0.0.1"
},
{
"model": "rational engineering lifecycle manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.5"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.4"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.3"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.1"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.6"
},
{
"model": "rational doors next generation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.0"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0.2"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "operational decision manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "omnifind enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "lotus widget factory",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "0"
},
{
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.0.1"
},
{
"model": "lotus mashups",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.0.2"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "license metric tool",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2.2"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "interact",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "integration bus for z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "integration bus",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0.0.0"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.7"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.5"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.2"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "initiate master data service",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "infosphere master data management server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.0"
},
{
"model": "infosphere master data management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.0"
},
{
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "infosphere mashuphub",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0"
},
{
"model": "infosphere guardium data redaction",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5"
},
{
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.1"
},
{
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.02"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "forms server",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "forms experience builder",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9848-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9848-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9846-ac1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9846-ac0",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "v840"
},
{
"model": "flashsystem 9848-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "flashsystem 9846-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "flashsystem 9843-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "flashsystem 9840-ae1",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "840"
},
{
"model": "flashsystem",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8400"
},
{
"model": "filenet services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "filenet p8 application engine",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0.2"
},
{
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.5"
},
{
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.4"
},
{
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.3"
},
{
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.2"
},
{
"model": "filenet content manager workplace xt",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1.1"
},
{
"model": "filenet content manager",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "filenet collaboration services",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.0.2"
},
{
"model": "filenet business process framework",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1"
},
{
"model": "endpoint manager for remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "distributed marketing",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.122"
},
{
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.11"
},
{
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "11.1"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.19"
},
{
"model": "db2 query management facility for websphere",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "10.1"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.1"
},
{
"model": "dataquant",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.19"
},
{
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.1"
},
{
"model": "content manager services for lotus quickr",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "1.0"
},
{
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.1"
},
{
"model": "content integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "content foundation",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.0"
},
{
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0"
},
{
"model": "content analytics with enterprise search",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "2.2"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.0"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.1"
},
{
"model": "connections",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "3.0.1.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "9.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.6"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.4"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.3"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.2"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1"
},
{
"model": "campaign",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.0"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.3"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.2"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.6"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.5"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.4"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2.1"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "5.2"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.4"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.3"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.5.2"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.5"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.4"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.4.3"
},
{
"model": "c\u00faram social program management",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "4.5"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0"
},
{
"model": "business process manager standard",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "business process manager express",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.0"
},
{
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "business process manager advanced on z/os",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.5"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.0"
},
{
"model": "business process manager advanced",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "7.5.0"
},
{
"model": "business monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "ibm",
"version": "8.0.1"
},
{
"model": "usg9580 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg9560 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "usg9520 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "eudemon8000e-x8 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "eudemon8000e-x3 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "eudemon8000e-x16 v200r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "espace meeting portal v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "anyoffice v200r002c10spc500",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8080"
},
{
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8060"
},
{
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "8030"
},
{
"model": "antiddos 500-d v100r001c00",
"scope": null,
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1550"
},
{
"model": "antiddos v100r001c00",
"scope": "eq",
"trust": 0.3,
"vendor": "huawei",
"version": "1520"
},
{
"model": "sitescope monitors 11.32ip1",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "sitescope monitors",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "11.20"
},
{
"model": "sdn van controller",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.5"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5.1"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.5"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.4"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.3"
},
{
"model": "insight control",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "7.2"
},
{
"model": "ucosminexus service platform (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus service architect (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service architect (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus service architect hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus primary server base (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "ucosminexus primary server base hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus developer )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0109-50"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus developer (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus developer (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus developer hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "ucosminexus application server-r (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server-r (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server-r",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "ucosminexus application server-r hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-60"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-02"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "programming environment for java (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-03"
},
{
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "programming environment for java (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "programming environment for java hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "programming environment for java",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10-03"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-10"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02-04"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-02"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-02"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-01"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-02"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00-01"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-00"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-05"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-04"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-03"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-02"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51-01"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-51"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"model": "jp1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-06"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01-03"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-10-01"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-03"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-02"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50-01"
},
{
"model": "job management partner 1/it desktop management manager",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "-09-50"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-06"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-02"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00-01"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "04-00"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-12"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-11"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-10"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-09"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-08"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-07"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-06"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-04"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-03"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00-01"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-00"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-07"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-06"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-05"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-04"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-03"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-02"
},
{
"model": "it operations director",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-50-01"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-02"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-02"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01-01"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "03-01"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-02"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53-01"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-53"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51-01"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-51"
},
{
"model": "it operations analyzer",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "02-01"
},
{
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-03"
},
{
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-01"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50"
},
{
"model": "cosminexus component container (windows(x8",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "cosminexus component container (windows(x6",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-10"
},
{
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-08"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-02"
},
{
"model": "cosminexus component container hp-ux",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00-01"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-00"
},
{
"model": "linux",
"scope": null,
"trust": 0.3,
"vendor": "gentoo",
"version": null
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.1"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "3.0"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.3"
},
{
"model": "enterprise manager",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "2.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip wom hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip wom hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip wom",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip webaccelerator hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip webaccelerator",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip webaccelerator hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip webaccelerator hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip psm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip psm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip psm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip psm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip psm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip pem",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip pem hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip ltm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip ltm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip ltm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip ltm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip ltm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip link controller",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip link controller hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip link controller hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip link controller hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip link controller hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip gtm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip gtm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip gtm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip gtm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip gtm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip gtm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip edge gateway hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip edge gateway hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip edge gateway hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip edge gateway hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip edge gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.00"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.00"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.40"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.0.00"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip asm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip asm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip asm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip asm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip asm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip asm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip asm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.2"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip apm hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip apm hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.2.4"
},
{
"model": "big-ip apm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "10.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf3",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip analytics hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf1",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.1"
},
{
"model": "big-ip analytics hf5",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics hf2",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.2.0"
},
{
"model": "big-ip analytics hf7",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.1.0"
},
{
"model": "big-ip analytics 11.0.0-hf2",
"scope": null,
"trust": 0.3,
"vendor": "f5",
"version": null
},
{
"model": "big-ip analytics",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.0.0"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3"
},
{
"model": "big-ip afm",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip afm hf4",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.3.0"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.5"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.1"
},
{
"model": "big-ip aam",
"scope": "eq",
"trust": 0.3,
"vendor": "f5",
"version": "11.4.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "ip office server edition",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.02"
},
{
"model": "ip office application server sp",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.01"
},
{
"model": "ip office application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "9.0"
},
{
"model": "aura conferencing standard",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "aura conferencing",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "7.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.2"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.0.1"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.3"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.0"
},
{
"model": "clearpass",
"scope": "eq",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "5.0"
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat 8.0.0-rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "20"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.41"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.11"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.10"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.9"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.6"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.5"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.8"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.7"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.15"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.14"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.12"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.2"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.2.3.1"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.4"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.1.3"
},
{
"model": "struts",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "2.0.13"
},
{
"model": "commons fileupload",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "1.3"
},
{
"model": "vcenter server update",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.52"
},
{
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.8.2"
},
{
"model": "vcenter operations management suite",
"scope": "ne",
"trust": 0.3,
"vendor": "vmware",
"version": "5.7.3"
},
{
"model": "jboss fuse",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"model": "jboss a-mq",
"scope": "ne",
"trust": 0.3,
"vendor": "redhat",
"version": "6.1.0"
},
{
"model": "urbancode release",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.1.4"
},
{
"model": "urbancode deploy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.0.14"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "7.1200"
},
{
"model": "tivoli storage manager operations center",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "6.4.2000"
},
{
"model": "sterling secure proxy",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "3.4.1.8"
},
{
"model": "infosphere guardium data redaction",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.5.1"
},
{
"model": "filenet business process framework",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "4.1.0.10"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "9.123"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "11.12"
},
{
"model": "db2 query management facility for websphere fix pack",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "10.110"
},
{
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "2.1.2"
},
{
"model": "dataquant",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "1.2.20"
},
{
"model": "connections cr1",
"scope": "ne",
"trust": 0.3,
"vendor": "ibm",
"version": "5.0"
},
{
"model": "espace meeting portal v100r001c00spc303",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "anyoffice v200r002c10l00422",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": null
},
{
"model": "antiddos v100r001c00sph503",
"scope": "ne",
"trust": 0.3,
"vendor": "huawei",
"version": "8000"
},
{
"model": "cosminexus component container hp-ux",
"scope": "ne",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-50-04"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.3.2"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.2.6"
},
{
"model": "clearpass",
"scope": "ne",
"trust": 0.3,
"vendor": "arubanetworks",
"version": "6.1.4"
},
{
"model": "struts",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "2.3.16.1"
}
],
"sources": [
{
"db": "BID",
"id": "65400"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:apache:commons_fileupload",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Incident Response Team (HIRT) via JPCERT",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0050",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-0050",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-000017",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-0050",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-000017",
"trust": 0.8,
"value": "Medium"
},
{
"author": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop\u0027s intended exit conditions. Apache Commons FileUpload contains a denial-of-service (DoS) vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool to attack against this vulnerability has been confirmed. Hitachi Incident Response Team (HIRT) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Processing a malformed request may cause the condition that the target system does not respond. \nAttackers can exploit this issue to cause the application to enter an infinite loop which may cause denial-of-service conditions. \nThe following products are vulnerable:\nApache Commons FileUpload 1.0 through versions 1.3\nApache Tomcat 8.0.0-RC1 through versions 8.0.1\nApache Tomcat 7.0.0 through versions 7.0.50. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2015:084\n http://www.mandriva.com/en/support/security/\n _______________________________________________________________________\n\n Package : tomcat\n Date : March 28, 2015\n Affected: Business Server 2.0\n _______________________________________________________________________\n\n Problem Description:\n\n Updated tomcat package fixes security vulnerabilities:\n \n It was discovered that the Apache Commons FileUpload package for Java\n could enter an infinite loop while processing a multipart request with\n a crafted Content-Type, resulting in a denial-of-service condition\n (CVE-2014-0050). \n \n Apache Tomcat 7.x before 7.0.50 allows attackers to obtain Tomcat\n internals information by leveraging the presence of an untrusted web\n application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML\n document containing an external entity declaration in conjunction\n with an entity reference, related to an XML External Entity (XXE)\n issue (CVE-2013-4590). The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFVFl05mqjQ0CJFipgRAniKAKC/MpUAj48M/7CzWXB4hv87uo99lwCg4Em4\n9yRzhuJFw0DWd+dOc4antEU=\n=SHMh\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Fuse 6.1.0 update\nAdvisory ID: RHSA-2014:0400-03\nProduct: Red Hat JBoss Fuse\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2014-0400.html\nIssue date: 2014-04-14\nCVE Names: CVE-2013-2035 CVE-2013-2172 CVE-2013-2192 \n CVE-2013-4152 CVE-2013-4517 CVE-2013-6429 \n CVE-2013-6430 CVE-2014-0050 CVE-2014-0054 \n CVE-2014-0085 CVE-2014-1904 \n=====================================================================\n\n1. Summary:\n\nRed Hat JBoss Fuse 6.1.0, which fixes multiple security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal. \n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\nRed Hat JBoss Fuse 6.1.0 is a minor product release that updates Red Hat\nJBoss Fuse 6.0.0, and includes several bug fixes and enhancements. Refer to\nthe Release Notes document, available from the link in the References\nsection, for a list of changes. \n\n2. Description:\n\nRed Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform. \n\nSecurity fixes:\n\nA flaw was found in the way Apache Santuario XML Security for Java\nvalidated XML signatures. Santuario allowed a signature to specify an\narbitrary canonicalization algorithm, which would be applied to the\nSignedInfo XML fragment. A remote attacker could exploit this to spoof an\nXML signature via a specially crafted XML signature block. (CVE-2013-2172)\n\nA flaw was found in the Apache Hadoop RPC protocol. A man-in-the-middle\nattacker could possibly use this flaw to unilaterally disable bidirectional\nauthentication between a client and a server, forcing a downgrade to simple\n(unidirectional) authentication. This flaw only affected users who have\nenabled Hadoop\u0027s Kerberos security features. (CVE-2013-2192)\n\nIt was discovered that the Spring OXM wrapper did not expose any property\nfor disabling entity resolution when using the JAXB unmarshaller. A remote\nattacker could use this flaw to conduct XML External Entity (XXE) attacks\non web sites, and read files in the context of the user running the\napplication server. (CVE-2013-4152)\n\nIt was discovered that the Apache Santuario XML Security for Java project\nallowed Document Type Definitions (DTDs) to be processed when applying\nTransforms even when secure validation was enabled. A remote attacker could\nuse this flaw to exhaust all available memory on the system, causing a\ndenial of service. (CVE-2013-4517)\n\nIt was found that the Spring MVC SourceHttpMessageConverter enabled entity\nresolution by default. A remote attacker could use this flaw to conduct XXE\nattacks on web sites, and read files in the context of the user running the\napplication server. (CVE-2013-6429)\n\nThe Spring JavaScript escape method insufficiently escaped some characters. \nApplications using this method to escape user-supplied content, which would\nbe rendered in HTML5 documents, could be exposed to cross-site scripting\n(XSS) flaws. (CVE-2013-6430)\n\nA denial of service flaw was found in the way Apache Commons FileUpload\nhandled small-sized buffers used by MultipartStream. (CVE-2014-0050)\n\nIt was found that fixes for the CVE-2013-4152 and CVE-2013-6429 XXE issues\nin Spring were incomplete. Spring MVC processed user-provided XML and\nneither disabled XML external entities nor provided an option to disable\nthem, possibly allowing a remote attacker to conduct XXE attacks. \n(CVE-2014-0054)\n\nA cross-site scripting (XSS) flaw was found in the Spring Framework when\nusing Spring MVC. When the action was not specified in a Spring form, the\naction field would be populated with the requested URI, allowing an\nattacker to inject malicious content into the form. (CVE-2014-1904)\n\nThe HawtJNI Library class wrote native libraries to a predictable file name\nin /tmp when the native libraries were bundled in a JAR file, and no custom\nlibrary path was specified. A local attacker could overwrite these native\nlibraries with malicious versions during the window between when HawtJNI\nwrites them and when they are executed. (CVE-2013-2035)\n\nAn information disclosure flaw was found in the way Apache Zookeeper stored\nthe password of an administrative user in the log files. A local user with\naccess to these log files could use the exposed sensitive information to\ngain administrative access to an application using Apache Zookeeper. \n(CVE-2014-0085)\n\nThe CVE-2013-6430 issue was discovered by Jon Passki of Coverity SRL and\nArun Neelicattu of the Red Hat Security Response Team, the CVE-2013-2035\nissue was discovered by Florian Weimer of the Red Hat Product Security\nTeam, and the CVE-2014-0085 issue was discovered by Graeme Colman of\nRed Hat. \n\n3. Solution:\n\nAll users of Red Hat JBoss Fuse 6.0.0 as provided from the Red Hat Customer\nPortal are advised to apply this update. \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n958618 - CVE-2013-2035 HawtJNI: predictable temporary file name leading to local arbitrary code execution\n999263 - CVE-2013-2172 Apache Santuario XML Security for Java: XML signature spoofing\n1000186 - CVE-2013-4152 Spring Framework: XML External Entity (XXE) injection flaw\n1001326 - CVE-2013-2192 hadoop: man-in-the-middle vulnerability\n1039783 - CVE-2013-6430 Spring Framework: org.spring.web.util.JavaScriptUtils.javaScriptEscape insufficient escaping of characters\n1045257 - CVE-2013-4517 Apache Santuario XML Security for Java: Java XML Signature DoS Attack\n1053290 - CVE-2013-6429 Spring Framework: XML External Entity (XXE) injection flaw\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1067265 - CVE-2014-0085 Apache Zookeeper: admin user cleartext password appears in logging\n1075296 - CVE-2014-1904 Spring Framework: cross-site scripting flaw when using Spring MVC\n1075328 - CVE-2014-0054 Spring Framework: incomplete fix for CVE-2013-4152/CVE-2013-6429\n\n5. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2013-2035.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2172.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-2192.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4152.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-4517.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6429.html\nhttps://www.redhat.com/security/data/cve/CVE-2013-6430.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0050.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0054.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-0085.html\nhttps://www.redhat.com/security/data/cve/CVE-2014-1904.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=distributions\u0026version=6.1.0\nhttps://access.redhat.com/site/documentation/en-US/Red_Hat_JBoss_Fuse/\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2014 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFTS/JWXlSAg2UNWIIRAh+fAJ9677T5eyaDWJuYLiFlhdkjOhZncgCgwPG0\n4iA38miFgmWgRtUp0Xztb6E=\n=/1+z\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library. \n\nIt was found that when Tomcat processed a series of HTTP requests in which\nat least one request contained either multiple content-length headers, or\none content-length header with a chunked transfer-encoding header, Tomcat\nwould incorrectly handle the request. (CVE-2013-4286)\n\nIt was discovered that the fix for CVE-2012-3544 did not properly resolve a\ndenial of service flaw in the way Tomcat processed chunk extensions and\ntrailing headers in chunked requests. A remote attacker could use this flaw\nto send an excessively long request that, when processed by Tomcat, could\nconsume network bandwidth, CPU, and memory on the Tomcat server. Note that\nchunked transfer encoding is enabled by default. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied, and back up your existing Red\nHat JBoss Web Server installation (including all applications and\nconfiguration files). Bugs fixed (https://bugzilla.redhat.com/):\n\n1062337 - CVE-2014-0050 apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream\n1069905 - CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544\n1069921 - CVE-2013-4286 tomcat: multiple content-length header poisoning flaws\n\n6. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c04657823\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04657823\nVersion: 1\n\nHPSBGN03329 rev.1 - HP SDN VAN Controller, Remote Denial of Service (DoS),\nDistributed Denial of Service (DDoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2015-05-11\nLast Updated: 2015-05-11\n\nPotential Security Impact: Remote Denial of Service (DoS), Distributed Denial\nof Service (DDoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP SDN VAN\nController. The vulnerabilities could be remotely exploited resulting in\nDenial of Service (DoS) or a Distributed Denial of Service (DDoS). \n\nReferences:\n\n CVE-2014-0050 Remote Denial of Service (DoS)\n\n CVE-2015-2122 Remote Distributed Denial of Service (DDoS)\n\n SSRT102049\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP SDN VAN Controller version 2.5 and earlier. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2014-0050 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2015-2122 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP recommends either of the two following workarounds for the vulnerabilities\nin the HP SDN VAN Controller. \n\n - The network for the server running the HP SDN VAN Controller management\nVLAN should be on a separate and isolated \"management\" VLAN. \n\n - Configure the firewall on the server running HP SDN VAN Controller so\nthat the only network traffic allowed to the REST port is from trusted\nservers on the network that need to use the REST layer. For example: the\nMicrosoft Lync Server for Optimizer. \n\n For more detailed information, please refer to the \"Securing REST layer\nAccess on HP VAN SDN Controllers\" article at the following location:\n\n http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=em\nr_na-c04676756\n\nHISTORY\nVersion:1 (rev.1) - 11 May 2015 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttps://h20564.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2015 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. ============================================================================\nUbuntu Security Notice USN-2130-1\nMarch 06, 2014\n\ntomcat6, tomcat7 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 13.10\n- Ubuntu 12.10\n- Ubuntu 12.04 LTS\n- Ubuntu 10.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Tomcat. \n\nSoftware Description:\n- tomcat7: Servlet and JSP engine\n- tomcat6: Servlet and JSP engine\n\nDetails:\n\nIt was discovered that Tomcat incorrectly handled certain inconsistent\nHTTP headers. (CVE-2013-4322)\n\nIt was discovered that Tomcat incorrectly applied the disableURLRewriting\nsetting when handling a session id in a URL. This issue\nonly applied to Ubuntu 12.04 LTS. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10. \n(CVE-2014-0050)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 13.10:\n libtomcat7-java 7.0.42-1ubuntu0.1\n\nUbuntu 12.10:\n libtomcat7-java 7.0.30-0ubuntu1.3\n\nUbuntu 12.04 LTS:\n libtomcat6-java 6.0.35-1ubuntu3.4\n\nUbuntu 10.04 LTS:\n libtomcat6-java 6.0.24-2ubuntu1.15\n\nIn general, a standard system update will make all the necessary changes. Details on the\nupdate and each vulnerability are in the KM articles below. \n\n **Note:** The resolution for each vulnerability listed is to upgrade to\nSiteScope 11.32IP2 or an even more recent version of SiteScope if available. \nThe SiteScope update can be can found in the personal zone in \"my updates\" in\nHPE Software Support Online: \u003chttps://softwaresupport.hpe.com\u003e. The patch for this flaw disables external entity\nprocessing by default, and provides a configuration directive to re-enable\nit. The patch for this flaw disables external entity\nprocessing by default, and introduces a property to re-enable it",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0050"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126749"
},
{
"db": "PACKETSTORM",
"id": "131856"
},
{
"db": "PACKETSTORM",
"id": "125580"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126143"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=31615",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0050",
"trust": 2.9
},
{
"db": "JVN",
"id": "JVN14876762",
"trust": 2.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017",
"trust": 1.9
},
{
"db": "HITACHI",
"id": "HS14-015",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-017",
"trust": 1.4
},
{
"db": "HITACHI",
"id": "HS14-016",
"trust": 1.4
},
{
"db": "BID",
"id": "65400",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "59232",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59399",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59185",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59187",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59039",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59500",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59184",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60475",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59041",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59183",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58075",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "58976",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59492",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "59725",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "60753",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "57915",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "127215",
"trust": 1.1
},
{
"db": "HITACHI",
"id": "HS14-008",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "31615",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-0050",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131089",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126144",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126749",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "131856",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125580",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "139721",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "126143",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126749"
},
{
"db": "PACKETSTORM",
"id": "131856"
},
{
"db": "PACKETSTORM",
"id": "125580"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126143"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"id": "VAR-201404-0585",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41471650857142855
},
"last_update_date": "2024-11-24T20:31:06.558000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download Apache Commons FileUpload -- Apache Commons FileUpload 1.3.1",
"trust": 0.8,
"url": "http://commons.apache.org/proper/commons-fileupload/download_fileupload.cgi"
},
{
"title": "www-announce mailing list archives -- CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS",
"trust": 0.8,
"url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E"
},
{
"title": "Struts 2.3.16.1",
"trust": 0.8,
"url": "http://struts.apache.org/download.cgi#struts23161"
},
{
"title": "21 February 2014 - Immediately upgrade commons-fileupload to version 1.3.1",
"trust": 0.8,
"url": "http://struts.apache.org/announce.html#a20140221"
},
{
"title": "Apache Tomcat 7.0.52",
"trust": 0.8,
"url": "http://www.apache.org/dist/tomcat/tomcat-7/v7.0.52/"
},
{
"title": "Fixed in Apache Tomcat 8.0.2",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.2"
},
{
"title": "Fixed in Apache Tomcat 7.0.51",
"trust": 0.8,
"url": "http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.51"
},
{
"title": "Apache Tomcat 8.0.3",
"trust": 0.8,
"url": "http://www.apache.org/dist/tomcat/tomcat-8/v8.0.3/"
},
{
"title": "Apache Commons FileUpload 1.3.1 RELEASE NOTES",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc/commons/proper/fileupload/trunk/RELEASE-NOTES.txt?view=markup\u0026pathrev=1565338"
},
{
"title": "Revision 1565143",
"trust": 0.8,
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=r1565143"
},
{
"title": "Interstage Application Server: denial of service (DoS) vulnerability in Java EE 6 (CVE-2014-0050)",
"trust": 0.8,
"url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201401.html"
},
{
"title": "HS14-017",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-017/index.html"
},
{
"title": "HS14-008",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-008/index.html"
},
{
"title": "HS14-015",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-015/index.html"
},
{
"title": "HS14-016",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-016/index.html"
},
{
"title": "1676091",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"title": "1676405",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"title": "1676092",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"title": "1676403",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"title": "1676401",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"title": "1669554",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"title": "1675432",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"title": "1677724",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"title": "1676853",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"title": "1677691",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"title": "1676656",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"title": "1681214",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"title": "1676410",
"trust": 0.8,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"title": "NV15-004",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv15-004.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"title": "Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - January 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016verbose-2367956.html"
},
{
"title": "Oracle Critical Patch Update Advisory - July 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2014",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html"
},
{
"title": "Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"title": "Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015verbose-2367954.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
},
{
"title": "Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices",
"trust": 0.8,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html"
},
{
"title": "Bug 1062337",
"trust": 0.8,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"title": "RHSA-2014:0400",
"trust": 0.8,
"url": "http://rhn.redhat.com/errata/RHSA-2014-0400.html"
},
{
"title": "Huawei-SA-20140707-01-Struts2",
"trust": 0.8,
"url": " http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"title": "January 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2015_critical_patch_update"
},
{
"title": "January 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/january_2016_critical_patch_update"
},
{
"title": "October 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2015_critical_patch_update"
},
{
"title": "October 2016 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2016_critical_patch_update"
},
{
"title": "April 2015 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
},
{
"title": "October 2014 Critical Patch Update Released",
"trust": 0.8,
"url": "https://blogs.oracle.com/security/entry/october_2014_critical_patch_update"
},
{
"title": "VMSA-2014-0007",
"trust": 0.8,
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
},
{
"title": "Debian Security Advisories: DSA-2856-1 libcommons-fileupload-java -- denial of service",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=642945afda91c20bf7efbc771575262b"
},
{
"title": "Amazon Linux AMI: ALAS-2014-312",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-312"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2130-1"
},
{
"title": "IBM: Security Bulletin: A vulnerability in Apache Commons Fileupload affects IBM Tivoli Business Service Manager (CVE-2013-2186, CVE-2013-0248, CVE-2016-3092, CVE-2014-0050, 220723)",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8bc75a85691b82e540dfdc9fe13fab57"
},
{
"title": "Debian Security Advisories: DSA-2897-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=2d279d06ad61c5b596d45790e28df427"
},
{
"title": "Debian CVElist Bug Report Logs: tomcat7: CVE-2013-2071",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=94f2b1959436d579ea8b492b708008b8"
},
{
"title": "Amazon Linux AMI: ALAS-2014-344",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2014-344"
},
{
"title": "Symantec Security Advisories: SA100 : Apache Tomcat Vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=symantec_security_advisories\u0026qid=94a4a81a426ea8a524a402abe366c375"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
},
{
"title": "IBM: IBM Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=8580d3cd770371e2ef0f68ca624b80b0"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=63802a6c83b107c4e6e0c7f9241a66a8"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=744c19dc9f4f70ad58059bf8733ec9c1"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - January 2015",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4a692d6d60aa31507cb101702b494c51"
},
{
"title": "IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=55ea315dfb69fce8383762ac64250315"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2016",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=05aabe19d38058b7814ef5514aab4c0c"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Shiverino/NPE2223 "
},
{
"title": "cve-2014-0050",
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050 "
},
{
"title": "victims-version-search",
"trust": 0.1,
"url": "https://github.com/adedov/victims-version-search "
},
{
"title": "-maven-security-versions",
"trust": 0.1,
"url": "https://github.com/nagauker/-maven-security-versions "
},
{
"title": "maven-security-versions-Travis",
"trust": 0.1,
"url": "https://github.com/klee94/maven-security-versions-Travis "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/alexsh88/victims "
},
{
"title": "victims",
"trust": 0.1,
"url": "https://github.com/tmpgit3000/victims "
},
{
"title": "maven-security-versions",
"trust": 0.1,
"url": "https://github.com/victims/maven-security-versions "
},
{
"title": "CDL",
"trust": 0.1,
"url": "https://github.com/NCSU-DANCE-Research-Group/CDL "
},
{
"title": "Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications",
"trust": 0.1,
"url": "https://github.com/yuhang-lin/Classified-Distributed-Learning-for-Detecting-Security-Attacks-in-Containerized-Applications "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://jvn.jp/en/jp/jvn14876762/index.html"
},
{
"trust": 2.0,
"url": "http://advisories.mageia.org/mgasa-2014-0110.html"
},
{
"trust": 1.5,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0400.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676410"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676401"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677724"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675432"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-016/index.html"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-017/index.html"
},
{
"trust": 1.4,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676403"
},
{
"trust": 1.4,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-015/index.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"trust": 1.4,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"trust": 1.4,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0008.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0253.html"
},
{
"trust": 1.4,
"url": "http://rhn.redhat.com/errata/rhsa-2014-0252.html"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-2130-1"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 1.1,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1062337"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000017"
},
{
"trust": 1.1,
"url": "http://svn.apache.org/r1565143"
},
{
"trust": 1.1,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 1.1,
"url": "http://blog.spiderlabs.com/2014/02/cve-2014-0050-exploit-with-boundaries-loops-without-boundaries.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/57915"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58976"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59232"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59183"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59500"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/58075"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59187"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59041"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59185"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59492"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65400"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59039"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59725"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59399"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676656"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/59184"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676405"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60475"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/60753"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677691"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681214"
},
{
"trust": 1.1,
"url": "http://www.vmware.com/security/advisories/vmsa-2014-0012.html"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2014/dec/23"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"trust": 1.1,
"url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:084"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 1.1,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669554"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=143136844732487\u0026w=2"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05324755"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05376917"
},
{
"trust": 1.1,
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722"
},
{
"trust": 1.1,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.1,
"url": "http://www.debian.org/security/2014/dsa-2856"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202107-39"
},
{
"trust": 1.1,
"url": "http://mail-archives.apache.org/mod_mbox/commons-dev/201402.mbox/%3c52f373fc.9030907%40apache.org%3e"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0050"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0401.html"
},
{
"trust": 0.4,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05324755"
},
{
"trust": 0.4,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0526.html"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100179973"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2014/feb/41"
},
{
"trust": 0.3,
"url": "http://www.apache.org/"
},
{
"trust": 0.3,
"url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
},
{
"trust": 0.3,
"url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://commons.apache.org/proper/commons-fileupload//"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668731"
},
{
"trust": 0.3,
"url": "http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15189.html"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004740"
},
{
"trust": 0.3,
"url": "http://seclists.org/bugtraq/2014/jun/151"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680564"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178813"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0373.html"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21682645"
},
{
"trust": 0.3,
"url": "http://www.ibm.com/support/docview.wss?uid=swg21669383"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675470"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671261"
},
{
"trust": 0.3,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs14-008/index.html"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hp.com/hpsc/doc/public/display?docid=emr_na-c04657823"
},
{
"trust": 0.3,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c05376917"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680714"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669021"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg24037189"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671330"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673004"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678830"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0459.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0525.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0527.html"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0528.html"
},
{
"trust": 0.3,
"url": "https://launchpad.support.sap.com/#/notes/2629535"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=497256000"
},
{
"trust": 0.3,
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=495289255"
},
{
"trust": 0.3,
"url": "https://rhn.redhat.com/errata/rhsa-2014-0429.html"
},
{
"trust": 0.3,
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/archive/hw-350733.htm"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676853"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678364"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21678373"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684861"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21684286"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21672321"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678359"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21681214,swg21680564"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670373"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670400"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21682055"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004813"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21688411"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21670769"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680366"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671527"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666799"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21674439"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673701"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672717"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667254"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676092"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21676091"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21673260"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673682"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21673581"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004858"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004859"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21672032"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21669020"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=swg21671201"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671653"
},
{
"trust": 0.3,
"url": "https://www-304.ibm.com/support/docview.wss?uid=ssg1s1004819"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21668978"
},
{
"trust": 0.3,
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21671684"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4322"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0050.html"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.3,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6429"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-1904.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6430.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-6429.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2192"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6430"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-1904"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2035"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4152.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0054.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2014-0085.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0085"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2035.html"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2192.html"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0054"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4286"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/shiverino/npe2223"
},
{
"trust": 0.1,
"url": "https://github.com/jrrdev/cve-2014-0050"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/31615/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32760"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/2130-1/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4322"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0075"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0119"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0119"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0096"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0149.html"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2014-0268.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0075"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4590"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0099"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0096"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0227"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_fuse/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4517.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4517"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2172"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-2172.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.fuse\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4286.html"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/security/data/cve/cve-2013-4322.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/#package"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/knowledge/articles/11258"
},
{
"trust": 0.1,
"url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=em"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-2122"
},
{
"trust": 0.1,
"url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.30-0ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat7/7.0.42-1ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.24-2ubuntu1.15"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/tomcat6/6.0.35-1ubuntu3.4"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0033"
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com\u003e."
},
{
"trust": 0.1,
"url": "https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facets"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0114"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0763"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-3253"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-0107"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-5652"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jboss.amq\u0026downloadtype=distributions\u0026version=6.1.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/site/documentation/en-us/red_hat_jboss_a-mq/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126749"
},
{
"db": "PACKETSTORM",
"id": "131856"
},
{
"db": "PACKETSTORM",
"id": "125580"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126143"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"db": "BID",
"id": "65400"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"db": "PACKETSTORM",
"id": "131089"
},
{
"db": "PACKETSTORM",
"id": "126144"
},
{
"db": "PACKETSTORM",
"id": "126749"
},
{
"db": "PACKETSTORM",
"id": "131856"
},
{
"db": "PACKETSTORM",
"id": "125580"
},
{
"db": "PACKETSTORM",
"id": "139721"
},
{
"db": "PACKETSTORM",
"id": "126143"
},
{
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-01T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"date": "2014-02-06T00:00:00",
"db": "BID",
"id": "65400"
},
{
"date": "2014-02-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"date": "2015-03-30T21:20:12",
"db": "PACKETSTORM",
"id": "131089"
},
{
"date": "2014-04-14T22:28:46",
"db": "PACKETSTORM",
"id": "126144"
},
{
"date": "2014-05-22T01:43:47",
"db": "PACKETSTORM",
"id": "126749"
},
{
"date": "2015-05-11T21:26:02",
"db": "PACKETSTORM",
"id": "131856"
},
{
"date": "2014-03-06T21:44:49",
"db": "PACKETSTORM",
"id": "125580"
},
{
"date": "2016-11-15T00:42:48",
"db": "PACKETSTORM",
"id": "139721"
},
{
"date": "2014-04-14T22:28:32",
"db": "PACKETSTORM",
"id": "126143"
},
{
"date": "2014-04-01T06:27:51.373000",
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2014-0050"
},
{
"date": "2018-07-12T06:00:00",
"db": "BID",
"id": "65400"
},
{
"date": "2016-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000017"
},
{
"date": "2024-11-21T02:01:15.117000",
"db": "NVD",
"id": "CVE-2014-0050"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Commons FileUpload vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000017"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "65400"
}
],
"trust": 0.3
}
}
var-200708-0154
Vulnerability from variot
The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges. Hitachi uCosminexus is an application server system.
There is a vulnerability in Hitachi uCosminexus's session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data.
Details of the vulnerability are currently unknown.
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.
Download the free PSI BETA from the Secunia website: https://psi.secunia.com/
TITLE: Hitachi Products Cosminexus Component Container Improper Session Data Handling
SECUNIA ADVISORY ID: SA26250
VERIFY ADVISORY: http://secunia.com/advisories/26250/
CRITICAL: Less critical
IMPACT: Security Bypass, Exposure of sensitive information
WHERE:
From local network
SOFTWARE: uCosminexus Application Server http://secunia.com/product/13819/ uCosminexus Service Platform http://secunia.com/product/13823/ uCosminexus Developer http://secunia.com/product/13820/ uCosminexus Service Architect http://secunia.com/product/13821/ Cosminexus 6.x http://secunia.com/product/5795/
DESCRIPTION: A security issue has been reported in Hitachi products, which potentially can be exploited by malicious users to gain knowledge of sensitive information or bypass certain security restrictions.
Please see the vendor's advisory for a list of affected products and versions.
SOLUTION: Please see the vendor's advisory for fix details.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200708-0154",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "enterprise"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.4,
"vendor": "hitachi",
"version": "standard"
},
{
"model": "ucosminexus erp integrator",
"scope": null,
"trust": 1.4,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "groupmax collaboration portal",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 1.0,
"vendor": "hitachi",
"version": "*"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "enterprise version 6"
},
{
"model": "cosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional version 6"
},
{
"model": "cosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard version 6"
},
{
"model": "cosminexus erp integrator",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "developer client set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional library set"
},
{
"model": "electronic form workflow",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard set"
},
{
"model": "groupmax collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus collaboration",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "architect"
},
{
"model": "ucosminexus service",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "platform"
},
{
"model": "ucosminexus/opentp1",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "web front-end set"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/b",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise 06-70-/a",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server enterprise",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus opentp1 web front-end set",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus collaboration portal",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "server"
},
{
"model": "ucosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus service architect",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server standard version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "06-70"
},
{
"model": "ucosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server smart edition",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "ucosminexus application server enterprise version",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "ucosminexus application server enterprise )",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "09-80"
},
{
"model": "groupmax collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow standard set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow professional library set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "electronic form workflow developer client set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus/opentp1 web front-end set",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus erp integrator",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus developer standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer professional",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus developer light",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus collaboration server",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "0"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.3,
"vendor": "hitachi",
"version": "6"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_erp_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_opentp1",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:electronic_form_workflow",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:groupmax_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_collaboration",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_opentp1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "25145"
}
],
"trust": 0.3
},
"cve": "CVE-2007-4124",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CVE-2007-4124",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2007-001133",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2007-4124",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2007-001133",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user\u0027s session data, and possibly gain privileges. Hitachi uCosminexus is an application server system. \n\n\u00a0There is a vulnerability in Hitachi uCosminexus\u0027s session failover implementation. Remote attackers may use this vulnerability to obtain session-related sensitive data. \n\n\u00a0Details of the vulnerability are currently unknown. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nDownload the free PSI BETA from the Secunia website:\nhttps://psi.secunia.com/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Products Cosminexus Component Container Improper Session Data\nHandling\n\nSECUNIA ADVISORY ID:\nSA26250\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26250/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Exposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nSOFTWARE:\nuCosminexus Application Server\nhttp://secunia.com/product/13819/\nuCosminexus Service Platform\nhttp://secunia.com/product/13823/\nuCosminexus Developer\nhttp://secunia.com/product/13820/\nuCosminexus Service Architect\nhttp://secunia.com/product/13821/\nCosminexus 6.x\nhttp://secunia.com/product/5795/\n\nDESCRIPTION:\nA security issue has been reported in Hitachi products, which\npotentially can be exploited by malicious users to gain knowledge of\nsensitive information or bypass certain security restrictions. \n\nPlease see the vendor\u0027s advisory for a list of affected products and\nversions. \n\nSOLUTION:\nPlease see the vendor\u0027s advisory for fix details. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "PACKETSTORM",
"id": "58201"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-4124",
"trust": 3.3
},
{
"db": "BID",
"id": "25145",
"trust": 2.7
},
{
"db": "SECUNIA",
"id": "26250",
"trust": 2.6
},
{
"db": "HITACHI",
"id": "HS07-024",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "37852",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2007-2725",
"trust": 1.6
},
{
"db": "XF",
"id": "35706",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2007-4792",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "58201",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"id": "VAR-200708-0154",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
],
"trust": 0.8833333299999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
}
]
},
"last_update_date": "2024-11-23T22:19:44.222000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HS07-024",
"trust": 0.8,
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-024_e/index-e.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://secunia.com/advisories/26250"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/25145"
},
{
"trust": 2.0,
"url": "http://www.hitachi-support.com/security_e/vuls_e/hs07-024_e/index-e.html"
},
{
"trust": 1.6,
"url": "http://osvdb.org/37852"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2007/2725"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/35706"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35706"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2007/2725"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4124"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-4124"
},
{
"trust": 0.3,
"url": "http://www.hds.com/products/storage-software/hitachi-device-manager.html"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13823/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26250/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5795/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13820/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13821/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/13819/"
}
],
"sources": [
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"db": "BID",
"id": "25145"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"db": "PACKETSTORM",
"id": "58201"
},
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2007-07-31T00:00:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2007-08-01T00:35:42",
"db": "PACKETSTORM",
"id": "58201"
},
{
"date": "2007-08-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"date": "2007-08-01T16:17:00",
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2007-4792"
},
{
"date": "2015-05-07T17:36:00",
"db": "BID",
"id": "25145"
},
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001133"
},
{
"date": "2007-08-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200708-002"
},
{
"date": "2024-11-21T00:34:50.467000",
"db": "NVD",
"id": "CVE-2007-4124"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cosminexus Component Container Session Handling Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001133"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200708-002"
}
],
"trust": 0.6
}
}
var-201312-0606
Vulnerability from variot
Hitachi Cosminexus is an application server software.
Hitachi Cosminexus JAX-WS component has a security vulnerability when parsing XML entities. Allows remote attackers to exploit vulnerabilities to obtain arbitrary file and directory information through specially crafted SOAP messages containing references to external entities, leading to the disclosure of sensitive information.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0606",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.x"
},
{
"model": "ucosminexus application server",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": null,
"trust": 0.6,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "8.x"
},
{
"model": "cosminexus component container",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "9.x"
},
{
"model": "cosminexus",
"scope": "eq",
"trust": 0.6,
"vendor": "hitachi",
"version": "9.x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-15508",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-15508",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Cosminexus is an application server software.\n\nHitachi Cosminexus JAX-WS component has a security vulnerability when parsing XML entities. Allows remote attackers to exploit vulnerabilities to obtain arbitrary file and directory information through specially crafted SOAP messages containing references to external entities, leading to the disclosure of sensitive information.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECUNIA",
"id": "56142",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-15508",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"id": "VAR-201312-0606",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"last_update_date": "2022-05-17T01:51:11.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Hitachi Cosminexus Product XML External Entity Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/41953"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://secunia.com/advisories/56142/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15508"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hitachi Cosminexus Product XML External Entity Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15508"
}
],
"trust": 0.6
}
}
var-201703-0328
Vulnerability from variot
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are vulnerable. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch
- Description:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. The newly introduced system property tomcat.util.http.parser.HttpParser.requestTargetAllow can be used to configure Tomcat to accept curly braces ({ and }) and the pipe symbol (|) in not encoded form, as these are often used in URLs without being properly encoded. (CVE-2016-8745)
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: tomcat-7.0.69-11.el7_3.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
Source: tomcat-7.0.69-11.el7_3.src.rpm
noarch: tomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: tomcat-7.0.69-11.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-11.el7_3.noarch.rpm tomcat-docs-webapp-7.0.69-11.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-11.el7_3.noarch.rpm tomcat-javadoc-7.0.69-11.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-11.el7_3.noarch.rpm tomcat-jsvc-7.0.69-11.el7_3.noarch.rpm tomcat-lib-7.0.69-11.el7_3.noarch.rpm tomcat-webapps-7.0.69-11.el7_3.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: tomcat-7.0.69-11.el7_3.src.rpm
noarch: tomcat-7.0.69-11.el7_3.noarch.rpm tomcat-admin-webapps-7.0.69-11.el7_3.noarch.rpm tomcat-el-2.2-api-7.0.69-11.el7_3.noarch.rpm tomcat-jsp-2.2-api-7.0.69-11.el7_3.noarch.rpm tomcat-lib-7.0.69-11.el7_3.noarch.rpm tomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm tomcat-webapps-7.0.69-11.el7_3.noarch.rpm
Red Hat Enterprise Linux Workstation Optional (v. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- Note: the current version of the following document is available here: https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: KM03302206 Version: 1
MFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2018-12-12 Last Updated: 2018-12-12
Potential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of Information
Source: Micro Focus, Product Security Response Team
VULNERABILITY SUMMARY A vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node Manager i. The vulnerability could be exploited Remote Cross-Site Scripting (XSS) and Remote Disclosure of Information
References:
- PSRT110650
- CVE-2016-6816
- CVE-2017-5664
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
- HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1, 10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10 Patch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1, 10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
RESOLUTION
Micro Focus has made the following software updates and mitigation information to resolve the vulnerability in Micro Focus Network Node Manager i: Customers using v9.X must upgrade to v10.x and then install the patch below. Patches are available to address the vulnerabilities: For v10.0x: Network Node Manager i 10.00 Patch 8 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139745 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139763 For v10.1x: Network Node Manager i 10.10 Patch 7 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139729 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139781 For v10.2x: Network Node Manager i 10.20 Patch 6 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139701 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139715 For v10.3x: Network Node Manager i 10.30 Patch 2 Linux https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139685 Windows https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/ /facetsearch/document/KM03139693
HISTORY Version:1 (rev.1) - 12 December 2018 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running Micro Focus products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. For other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com.
Report: To report a potential security vulnerability for any supported product: Web form: https://softwaresupport.softwaregrp.com/psrt Email: security@microfocus.com
Subscribe: To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification Once you are logged in to the portal, please choose security bulletins under product and document types. Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do
Security Bulletin Archive: A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability
Software Product Category: The Software Product Category is represented in the title by the two characters following Micro Focus Security Bulletin.
3P = 3rd Party Software GN = Micro Focus General Software MU = Multi-Platform Software
System management and security procedures must be reviewed frequently to maintain system integrity. Micro Focus is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends that all users determine the applicability of this information to their individual situations and take appropriate action. Micro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, Micro Focus will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright Micro Focus
Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Micro Focus and the names of Micro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. (CVE-2016-6816)
-
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired. (CVE-2016-8627)
-
It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Web Server security and enhancement update Advisory ID: RHSA-2017:0457-01 Product: Red Hat JBoss Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2017-0457.html Issue date: 2017-03-07 CVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 CVE-2016-8735 CVE-2016-8745 =====================================================================
- Summary:
An update is now available for Red Hat JBoss Web Server.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications.
This release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for Red Hat JBoss Web Server 3.0.3, and includes enhancements.
Security Fix(es):
-
It was reported that the Tomcat init script performed unsafe file handling, which could result in local privilege escalation. (CVE-2016-1240)
-
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. (CVE-2016-6325)
-
The JmxRemoteLifecycleListener was not updated to take account of Oracle's fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included in EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat instance built from source, using the EWS 2.x, or JWS 3.x distributions, an attacker could use this flaw to launch a remote code execution attack on your deployed instance. (CVE-2016-8735)
-
A denial of service vulnerability was identified in Commons FileUpload that occurred when the length of the multipart boundary was just below the size of the buffer (4096 bytes) used to read the uploaded file if the boundary was the typical tens of bytes long. (CVE-2016-6816)
-
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body. (CVE-2016-8745)
-
The Realm implementations did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder. (CVE-2016-0762)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications. (CVE-2016-5018)
-
It was discovered that when a SecurityManager is configured Tomcat's system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible. (CVE-2016-6794)
-
It was discovered that a malicious web application could bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet. (CVE-2016-6796)
-
It was discovered that it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not. (CVE-2016-6797)
The CVE-2016-6325 issue was discovered by Red Hat Product Security.
Enhancement(s):
- This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These packages provide a number of enhancements over the previous version of Red Hat JBoss Web Server.
Users of Red Hat JBoss Web Server are advised to upgrade to these updated packages, which add this enhancement.
- Solution:
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
The References section of this erratum contains a download link (you must log in to download the update).
- Bugs fixed (https://bugzilla.redhat.com/):
1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service 1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation 1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation 1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources 1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters 1390520 - CVE-2016-6794 tomcat: system property disclosure 1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function 1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation 1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests 1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener 1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing
- References:
https://access.redhat.com/security/cve/CVE-2016-0762 https://access.redhat.com/security/cve/CVE-2016-1240 https://access.redhat.com/security/cve/CVE-2016-3092 https://access.redhat.com/security/cve/CVE-2016-5018 https://access.redhat.com/security/cve/CVE-2016-6325 https://access.redhat.com/security/cve/CVE-2016-6794 https://access.redhat.com/security/cve/CVE-2016-6796 https://access.redhat.com/security/cve/CVE-2016-6797 https://access.redhat.com/security/cve/CVE-2016-6816 https://access.redhat.com/security/cve/CVE-2016-8735 https://access.redhat.com/security/cve/CVE-2016-8745 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=webserver&version=3.1.0 https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html https://access.redhat.com/security/vulnerabilities/httpoxy https://access.redhat.com/solutions/2435491
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFYvwzSXlSAg2UNWIIRAtstAKC5zAokXNBQnXe+hb9GvSKpngKrSQCgqXa2 zb+BJhQtiHDygDSa59EWVvE= =ZskZ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201703-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.72"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.70"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.69"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.67"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.65"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.59"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.57"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.54"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.53"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.50"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.27"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.15"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.13"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.9"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.8"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.68"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.55"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.49"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.48"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.47"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.46"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.44"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.43"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.41"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.37"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.36"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.35"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "7.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.45"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.42"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.39"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.33"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.32"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.30"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "6.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.28"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.17"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.56"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.64"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.71"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.12"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.16"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.25"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.61"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.19"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.46"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.1"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.23"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.26"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.40"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.22"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.51"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.14"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.21"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.62"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.31"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.29"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.66"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.52"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.18"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.20"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.60"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.63"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.11"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.24"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.34"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.10"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "6.0.38"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "7.0.58"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.0.13"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux client optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux client",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "7.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "6.0"
},
{
"model": "tomcat 9.0.0m8",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0.rc1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 8.0.0-rc10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat rc1",
"scope": "eq",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.0"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.0.39"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "7.0.73"
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "6.0.48"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94461"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "140917"
},
{
"db": "PACKETSTORM",
"id": "140914"
},
{
"db": "PACKETSTORM",
"id": "141513"
}
],
"trust": 0.6
},
"cve": "CVE-2016-6816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2016-6816",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2016-6816",
"impactScore": 3.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6816",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-610",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6816",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Tomcat 9.0.0.M1 through 9.0.0.M11, 8.5.0 through 8.5.6, 8.0.0.RC1 through 8.0.38, 7.0.0 through 7.0.72 and 6.0.0 through 6.0.47 are vulnerable. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 7) - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container for the Java Servlet and JavaServer\nPages (JSP) technologies. The newly introduced system property\ntomcat.util.http.parser.HttpParser.requestTargetAllow can be used to\nconfigure Tomcat to accept curly braces ({ and }) and the pipe symbol (|)\nin not encoded form, as these are often used in URLs without being properly\nencoded. \n(CVE-2016-8745)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ntomcat-7.0.69-11.el7_3.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\ntomcat-7.0.69-11.el7_3.src.rpm\n\nnoarch:\ntomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nnoarch:\ntomcat-7.0.69-11.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-11.el7_3.noarch.rpm\ntomcat-docs-webapp-7.0.69-11.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-11.el7_3.noarch.rpm\ntomcat-javadoc-7.0.69-11.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-11.el7_3.noarch.rpm\ntomcat-jsvc-7.0.69-11.el7_3.noarch.rpm\ntomcat-lib-7.0.69-11.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-11.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ntomcat-7.0.69-11.el7_3.src.rpm\n\nnoarch:\ntomcat-7.0.69-11.el7_3.noarch.rpm\ntomcat-admin-webapps-7.0.69-11.el7_3.noarch.rpm\ntomcat-el-2.2-api-7.0.69-11.el7_3.noarch.rpm\ntomcat-jsp-2.2-api-7.0.69-11.el7_3.noarch.rpm\ntomcat-lib-7.0.69-11.el7_3.noarch.rpm\ntomcat-servlet-3.0-api-7.0.69-11.el7_3.noarch.rpm\ntomcat-webapps-7.0.69-11.el7_3.noarch.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. Note: the current version of the following document is available here:\nhttps://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03302206\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: KM03302206\nVersion: 1\n\nMFSBGN03837 rev.1 - Network Node Manager i, Multiple Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-12-12\nLast Updated: 2018-12-12\n\nPotential Security Impact: Remote: Cross-Site Scripting (XSS), Disclosure of\nInformation\n\nSource: Micro Focus, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA vulnerabilities in Apache Tomcat was addressed by Micro Focus Network Node\nManager i. The vulnerability could be exploited Remote Cross-Site Scripting\n(XSS) and Remote Disclosure of Information\n\nReferences:\n\n - PSRT110650\n - CVE-2016-6816\n - CVE-2017-5664\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n - HPE Network Node Manager I (NNMi) Software 9.2x, 10.0x, 10.00 Patch 1,\n10.00 Patch 2, 10.00 Patch 3, 10.00 Patch 4, 10.00 Patch 5, 10.1x, 10.10\nPatch 1, 10.10 Patch 2, 10.10 Patch 3, 10.10 Patch 4, 10.2x, 10.20 Patch 1,\n10.20 Patch 2, 10.20 Patch 3, 10.30, 10.30 Patch 1\n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n\nRESOLUTION\n\nMicro Focus has made the following software updates and mitigation\ninformation to resolve the vulnerability in Micro Focus Network Node Manager\ni:\nCustomers using v9.X must upgrade to v10.x and then install the patch below. \nPatches are available to address the vulnerabilities:\nFor v10.0x: Network Node Manager i 10.00 Patch 8 \n\tLinux \n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139745](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139745)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139763](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139763)\nFor v10.1x: Network Node Manager i 10.10 Patch 7\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139729](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139729)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139781](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139781)\nFor v10.2x: Network Node Manager i 10.20 Patch 6\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139701](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139701)\n\tWindows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139715](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139715)\nFor v10.3x: Network Node Manager i 10.30 Patch 2\n\tLinux\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139685](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139685)\n\t Windows\n[https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/\n/facetsearch/document/KM03139693](https://softwaresupport.softwaregrp.com/gro\np/softwaresupport/search-result/-/facetsearch/document/KM03139693) \n\n\nHISTORY\nVersion:1 (rev.1) - 12 December 2018 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on \nsystems running Micro Focus products should be applied in accordance with the customer\u0027s \npatch management policy. \n\nSupport: For issues about implementing the recommendations of this Security Bulletin, contact normal Micro Focus services support channel. \nFor other issues about the content of this Security Bulletin, send e-mail to security@microfocus.com. \n\nReport: To report a potential security vulnerability for any supported product:\n Web form: https://softwaresupport.softwaregrp.com/psrt\n Email: security@microfocus.com\n\nSubscribe:\n To initiate receiving subscriptions for future Micro Focus Security Bulletin alerts via Email, please subscribe here - https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification\n Once you are logged in to the portal, please choose security bulletins under product and document types. \n Please note that you will need to sign in using a Passport account. If you do not have a Passport account yet, you can create one- its free and easy https://cf.passport.softwaregrp.com/hppcf/createuser.do \n\nSecurity Bulletin Archive:\n A list of recently released Security Bulletins is available here: https://softwaresupport.softwaregrp.com/security-vulnerability\n \nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following Micro Focus Security Bulletin. \n\n3P = 3rd Party Software\nGN = Micro Focus General Software\nMU = Multi-Platform Software\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. \nMicro Focus is continually reviewing and enhancing the security features of software products to provide \ncustomers with current secure solutions. \n\n\"Micro Focus is broadly distributing this Security Bulletin in order to bring to the attention of users of the \naffected Micro Focus products the important security information contained in this Bulletin. Micro Focus recommends \nthat all users determine the applicability of this information to their individual situations and take appropriate action. \nMicro Focus does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, \nMicro Focus will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in \nthis Security Bulletin. To the extent permitted by law, Micro Focus disclaims all warranties, either express or \nimplied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\" \n\n\nCopyright Micro Focus\n\nMicro Focus shall not be liable for technical or editorial errors or omissions contained herein. \nThe information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, \nneither Micro Focus nor its affiliates, subcontractors or suppliers will be liable for incidental, special \nor consequential damages including downtime cost; lost profits; damages relating to the procurement of \nsubstitute products or services; or damages for loss of data, or software restoration. \nThe information in this document is subject to change without notice. Micro Focus and the names of \nMicro Focus products referenced herein are trademarks of Micro Focus in the United States and other countries. \nOther product and company names mentioned herein may be trademarks of their respective owners. \n(CVE-2016-6816)\n\n* An EAP feature to download server log files allows logs to be available\nvia GET requests making them vulnerable to cross-origin attacks. An\nattacker could trigger the user\u0027s browser to request the log files\nconsuming enough resources that normal server functioning could be\nimpaired. (CVE-2016-8627)\n\n* It was discovered that when configuring RBAC and marking information as\nsensitive, users with a Monitor role are able to view the sensitive\ninformation. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Web Server security and enhancement update\nAdvisory ID: RHSA-2017:0457-01\nProduct: Red Hat JBoss Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2017-0457.html\nIssue date: 2017-03-07\nCVE Names: CVE-2016-0762 CVE-2016-1240 CVE-2016-3092 \n CVE-2016-5018 CVE-2016-6325 CVE-2016-6794 \n CVE-2016-6796 CVE-2016-6797 CVE-2016-6816 \n CVE-2016-8735 CVE-2016-8745 \n=====================================================================\n\n1. Summary:\n\nAn update is now available for Red Hat JBoss Web Server. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. \n\nThis release of Red Hat JBoss Web Server 3.1.0 serves as a replacement for\nRed Hat JBoss Web Server 3.0.3, and includes enhancements. \n\nSecurity Fix(es):\n\n* It was reported that the Tomcat init script performed unsafe file\nhandling, which could result in local privilege escalation. (CVE-2016-1240)\n\n* It was discovered that the Tomcat packages installed certain\nconfiguration files read by the Tomcat initialization script as writeable\nto the tomcat group. A member of the group or a malicious web application\ndeployed on Tomcat could use this flaw to escalate their privileges. \n(CVE-2016-6325)\n\n* The JmxRemoteLifecycleListener was not updated to take account of\nOracle\u0027s fix for CVE-2016-3427. JMXRemoteLifecycleListener is only included\nin EWS 2.x and JWS 3.x source distributions. If you deploy a Tomcat\ninstance built from source, using the EWS 2.x, or JWS 3.x distributions, an\nattacker could use this flaw to launch a remote code execution attack on\nyour deployed instance. (CVE-2016-8735)\n\n* A denial of service vulnerability was identified in Commons FileUpload\nthat occurred when the length of the multipart boundary was just below the\nsize of the buffer (4096 bytes) used to read the uploaded file if the\nboundary was the typical tens of bytes long. \n(CVE-2016-6816)\n\n* A bug was discovered in the error handling of the send file code for the\nNIO HTTP connector. This led to the current Processor object being added to\nthe Processor cache multiple times allowing information leakage between\nrequests including, and not limited to, session ID and the response body. \n(CVE-2016-8745)\n\n* The Realm implementations did not process the supplied password if the\nsupplied user name did not exist. This made a timing attack possible to\ndetermine valid user names. Note that the default configuration includes\nthe LockOutRealm which makes exploitation of this vulnerability harder. \n(CVE-2016-0762)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via a Tomcat utility method that was accessible\nto web applications. (CVE-2016-5018)\n\n* It was discovered that when a SecurityManager is configured Tomcat\u0027s\nsystem property replacement feature for configuration files could be used\nby a malicious web application to bypass the SecurityManager and read\nsystem properties that should not be visible. (CVE-2016-6794)\n\n* It was discovered that a malicious web application could bypass a\nconfigured SecurityManager via manipulation of the configuration parameters\nfor the JSP Servlet. (CVE-2016-6796)\n\n* It was discovered that it was possible for a web application to access\nany global JNDI resource whether an explicit ResourceLink had been\nconfigured or not. (CVE-2016-6797)\n\nThe CVE-2016-6325 issue was discovered by Red Hat Product Security. \n\nEnhancement(s):\n\n* This enhancement update adds the Red Hat JBoss Web Server 3.1.0. These\npackages provide a number of enhancements over the previous version of Red\nHat JBoss Web Server. \n\nUsers of Red Hat JBoss Web Server are advised to upgrade to these updated\npackages, which add this enhancement. \n\n3. Solution:\n\nBefore applying the update, back up your existing Red Hat JBoss Web Server\ninstallation (including all applications and configuration files). \n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1349468 - CVE-2016-3092 tomcat: Usage of vulnerable FileUpload package can result in denial of service\n1367447 - CVE-2016-6325 tomcat: tomcat writable config files allow privilege escalation\n1376712 - CVE-2016-1240 tomcat: unsafe chown of catalina.log in tomcat init script allows privilege escalation\n1390493 - CVE-2016-6797 tomcat: unrestricted access to global resources\n1390515 - CVE-2016-6796 tomcat: security manager bypass via JSP Servlet config parameters\n1390520 - CVE-2016-6794 tomcat: system property disclosure\n1390525 - CVE-2016-5018 tomcat: security manager bypass via IntrospectHelper utility function\n1390526 - CVE-2016-0762 tomcat: timing attack in Realm implementation\n1397484 - CVE-2016-6816 tomcat: HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests\n1397485 - CVE-2016-8735 tomcat: Remote code execution vulnerability in JmxRemoteLifecycleListener\n1403824 - CVE-2016-8745 tomcat: information disclosure due to incorrect Processor sharing\n\n5. References:\n\nhttps://access.redhat.com/security/cve/CVE-2016-0762\nhttps://access.redhat.com/security/cve/CVE-2016-1240\nhttps://access.redhat.com/security/cve/CVE-2016-3092\nhttps://access.redhat.com/security/cve/CVE-2016-5018\nhttps://access.redhat.com/security/cve/CVE-2016-6325\nhttps://access.redhat.com/security/cve/CVE-2016-6794\nhttps://access.redhat.com/security/cve/CVE-2016-6796\nhttps://access.redhat.com/security/cve/CVE-2016-6797\nhttps://access.redhat.com/security/cve/CVE-2016-6816\nhttps://access.redhat.com/security/cve/CVE-2016-8735\nhttps://access.redhat.com/security/cve/CVE-2016-8745\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=webserver\u0026version=3.1.0\nhttps://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Web_Server/3/html-single/3.1_Release_Notes/index.html\nhttps://access.redhat.com/security/vulnerabilities/httpoxy\nhttps://access.redhat.com/solutions/2435491\n\n6. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFYvwzSXlSAg2UNWIIRAtstAKC5zAokXNBQnXe+hb9GvSKpngKrSQCgqXa2\nzb+BJhQtiHDygDSa59EWVvE=\n=ZskZ\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94461"
},
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140917"
},
{
"db": "PACKETSTORM",
"id": "140914"
},
{
"db": "PACKETSTORM",
"id": "141513"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41783",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6816",
"trust": 3.5
},
{
"db": "BID",
"id": "94461",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037332",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "41783",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "159413",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.3415",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1276",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-6816",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "142108",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141637",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "150775",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140917",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "140914",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "141513",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "BID",
"id": "94461"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140917"
},
{
"db": "PACKETSTORM",
"id": "140914"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"id": "VAR-201703-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2024-11-27T21:03:58.694000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66051"
},
{
"title": "Red Hat: Moderate: tomcat6 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170527 - Security Advisory"
},
{
"title": "Red Hat: Moderate: tomcat security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170935 - Security Advisory"
},
{
"title": "Red Hat: Moderate: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170247 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170245 - Security Advisory"
},
{
"title": "Red Hat: Important: jboss-ec2-eap security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170250 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170244 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Enterprise Application Platform security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170246 - Security Advisory"
},
{
"title": "Red Hat: CVE-2016-6816",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-6816"
},
{
"title": "Red Hat: Important: Red Hat JBoss Web Server security and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20170457 - Security Advisory"
},
{
"title": "Amazon Linux AMI: ALAS-2017-810",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2017-810"
},
{
"title": "Amazon Linux AMI: ALAS-2016-777",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-777"
},
{
"title": "Amazon Linux AMI: ALAS-2016-778",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-778"
},
{
"title": "Amazon Linux AMI: ALAS-2016-776",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2016-776"
},
{
"title": "Debian Security Advisories: DSA-3738-1 tomcat7 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8828b9876ebd1ef3e89b0ed4e9499abe"
},
{
"title": "Debian Security Advisories: DSA-3739-1 tomcat8 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=98ef9e44fdad2be0b98f03550515e81a"
},
{
"title": "Arch Linux Advisories: [ASA-201611-22] tomcat6: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=ASA-201611-22"
},
{
"title": "Hitachi Security Advisories: Multiple Vulnerabilities in JP1/Network Node Manager i",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2019-107"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7 regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-2"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9774: privilege escalation via upgrade",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=8cd48a33e8df530a4a18a79eb337a877"
},
{
"title": "Debian CVElist Bug Report Logs: CVE-2016-9775: privilege escalation via removal",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=e3359df45e6e8201a268a6c465717fa5"
},
{
"title": "Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-3177-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=ecbe5f193404d1e9c62e8323118ae6cf"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=d78b3379ca364568964f30138964c7e7"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=523d3f220a64ff01dd95e064bd37566a"
},
{
"title": "penetration tools\nDonation\nThanks to",
"trust": 0.1,
"url": "https://github.com/touchmycrazyredhat/myhktools "
},
{
"title": "penetration tools\nDonation\nDonation\nThanks to\n\u5148\u77e5\u8bba\u575b\u63a8\u8350\u8fc7\u672c\u9879\u76ee\u201c2.1.3 Web \u6846\u67b6\u201d\nmyhktools",
"trust": 0.1,
"url": "https://github.com/hktalent/myhktools "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
},
{
"title": "veracode-container-security-finding-parser",
"trust": 0.1,
"url": "https://github.com/vincent-deng/veracode-container-security-finding-parser "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/94461"
},
{
"trust": 2.3,
"url": "http://www.debian.org/security/2016/dsa-3738"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/41783/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/errata/rhsa-2017:0935"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0527.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0457.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0246.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0245.html"
},
{
"trust": 1.8,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0244.html"
},
{
"trust": 1.7,
"url": "https://tomcat.apache.org/security-9.html#fixed_in_apache_tomcat_9.0.0.m13"
},
{
"trust": 1.7,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.5.8"
},
{
"trust": 1.7,
"url": "https://tomcat.apache.org/security-8.html#fixed_in_apache_tomcat_8.0.39"
},
{
"trust": 1.7,
"url": "https://tomcat.apache.org/security-7.html#fixed_in_apache_tomcat_7.0.73"
},
{
"trust": 1.7,
"url": "https://tomcat.apache.org/security-6.html#fixed_in_apache_tomcat_6.0.48"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037332"
},
{
"trust": 1.7,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:0456"
},
{
"trust": 1.7,
"url": "https://access.redhat.com/errata/rhsa-2017:0455"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0250.html"
},
{
"trust": 1.7,
"url": "http://rhn.redhat.com/errata/rhsa-2017-0247.html"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.7,
"url": "https://usn.ubuntu.com/4557-1/"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2016-6816"
},
{
"trust": 0.6,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/79014"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3415/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/159413/ubuntu-security-notice-usn-4557-1.html"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://qnalist.com/questions/7885204/security-cve-2016-6816-apache-tomcat-information-disclosure"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-6.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-7.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8627"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-7061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8656"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8656"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7061"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8627"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/documentation/en-us/jboss_enterprise_application_platform/"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-8745"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8745"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2017:0527"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3177-2/"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/"
},
{
"trust": 0.1,
"url": "https://cf.passport.softwaregrp.com/hppcf/createuser.do"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/psrt"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/group/softwaresupport/email-notification/-/subscriptions/registerdocumentnotification"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/gro"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/security-vulnerability"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5664"
},
{
"trust": 0.1,
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/km03302206"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/solutions/2435491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6325"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-8735"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6794"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6796"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6797"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5018"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-3092"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-1240"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_web_server/3/html-single/3.1_release_notes/index.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/vulnerabilities/httpoxy"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=webserver\u0026version=3.1.0"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-0762"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6794"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "BID",
"id": "94461"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140917"
},
{
"db": "PACKETSTORM",
"id": "140914"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"db": "BID",
"id": "94461"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "PACKETSTORM",
"id": "140916"
},
{
"db": "PACKETSTORM",
"id": "142108"
},
{
"db": "PACKETSTORM",
"id": "141637"
},
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "PACKETSTORM",
"id": "140917"
},
{
"db": "PACKETSTORM",
"id": "140914"
},
{
"db": "PACKETSTORM",
"id": "141513"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-20T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"date": "2016-11-22T00:00:00",
"db": "BID",
"id": "94461"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2017-02-03T15:54:10",
"db": "PACKETSTORM",
"id": "140916"
},
{
"date": "2017-04-12T23:47:55",
"db": "PACKETSTORM",
"id": "142108"
},
{
"date": "2017-03-15T15:22:10",
"db": "PACKETSTORM",
"id": "141637"
},
{
"date": "2018-12-13T18:21:43",
"db": "PACKETSTORM",
"id": "150775"
},
{
"date": "2017-02-03T15:54:17",
"db": "PACKETSTORM",
"id": "140917"
},
{
"date": "2017-02-03T15:53:54",
"db": "PACKETSTORM",
"id": "140914"
},
{
"date": "2017-03-08T00:57:19",
"db": "PACKETSTORM",
"id": "141513"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"date": "2017-03-20T18:59:00.173000",
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6816"
},
{
"date": "2017-05-23T16:27:00",
"db": "BID",
"id": "94461"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-610"
},
{
"date": "2024-11-21T02:56:53.430000",
"db": "NVD",
"id": "CVE-2016-6816"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "150775"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "94461"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-610"
}
],
"trust": 0.9
}
}
var-201708-0218
Vulnerability from variot
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a denial-of-service vulnerability. Attackers may leverage this issue to cause denial-of-service conditions. The following versions are affected: Apache Tomcat 9.0.0.M1 through 9.0.0.M11 Apache Tomcat 8.5.0 through 8.5.6
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tomcat",
"scope": "eq",
"trust": 1.6,
"vendor": "apache",
"version": "9.0.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.6"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.5"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.4"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.3"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.2"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.3,
"vendor": "apache",
"version": "8.5.0"
},
{
"model": "tomcat",
"scope": "eq",
"trust": 1.0,
"vendor": "apache",
"version": "8.5.1"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "6.0.0 from 6.0.47"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "7.0.0 from 7.0.72"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.0.0.rc1 from 8.0.38"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "8.5.0 from 8.5.6"
},
{
"model": "tomcat",
"scope": "lte",
"trust": 0.8,
"vendor": "apache",
"version": "9.0.0.m1 from 9.0.0.m11"
},
{
"model": "mailshooter",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v6"
},
{
"model": "simpwright",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "v7"
},
{
"model": "spoolserver series",
"scope": "eq",
"trust": 0.8,
"vendor": "nec",
"version": "reportfiling ver5.2 to 6.2"
},
{
"model": "cosminexus application server enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server standard",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus application server version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus component container",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer light version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer professional version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer standard version 6",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus developer version 5",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 5"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base version 6"
},
{
"model": "cosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 6"
},
{
"model": "cosminexus studio",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light version"
},
{
"model": "embedded cosminexus server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "version 5"
},
{
"model": "jp1/cm2/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "jp1/network node manager",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "-r"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "express"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "light"
},
{
"model": "ucosminexus application server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "standard-r"
},
{
"model": "ucosminexus application server enterprise",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server smart edition",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus application server standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "01"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for atm"
},
{
"model": "ucosminexus developer",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "professional for plug-in"
},
{
"model": "ucosminexus developer light",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus developer standard",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base"
},
{
"model": "ucosminexus primary server",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "base(64)"
},
{
"model": "ucosminexus service architect",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "none"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "(64)"
},
{
"model": "ucosminexus service platform",
"scope": "eq",
"trust": 0.8,
"vendor": "hitachi",
"version": "- messaging"
},
{
"model": "programming environment for java",
"scope": null,
"trust": 0.8,
"vendor": "hitachi",
"version": null
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "11.3"
},
{
"model": "solaris",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "10"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.3"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "5.2"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "4.71"
},
{
"model": "tomcat 9.0.0m8",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0m6",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m9",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m7",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m5",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m4",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m3",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m2",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m11",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m10",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat 9.0.0.m1",
"scope": null,
"trust": 0.3,
"vendor": "apache",
"version": null
},
{
"model": "tomcat",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": "8.5.8"
},
{
"model": "tomcat 9.0.0.m13",
"scope": "ne",
"trust": 0.3,
"vendor": "apache",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:apache:tomcat",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:mailshooter",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:nec:simpwright",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:nec:spoolserver",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_developer_version_5",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:cosminexus_studio",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:embedded_cosminexus_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_cm2_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:jp1_network_node_manager",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_light",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer_standard",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_architect",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:ucosminexus_service_platform",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:hitachi:programming_environment_for_java",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94462"
}
],
"trust": 0.3
},
"cve": "CVE-2016-6817",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-6817",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6817",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2016-6817",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-6817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2016-6817",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-611",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-6817",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible. The Apache Software Foundation From Apache Tomcat Updates for the following multiple vulnerabilities have been released: * * HTTP Response falsification (CVE-2016-6816) * * Service operation interruption (DoS) (CVE-2016-6817) * * Arbitrary code execution (CVE-2016-8735)Expected impact varies depending on each vulnerability, but information leakage, service operation interruption (DoS) May be affected by arbitrary code execution. Apache Tomcat is prone to a denial-of-service vulnerability. \nAttackers may leverage this issue to cause denial-of-service conditions. \nThe following versions are affected:\nApache Tomcat 9.0.0.M1 through 9.0.0.M11\nApache Tomcat 8.5.0 through 8.5.6",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "VULMON",
"id": "CVE-2016-6817"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-6817",
"trust": 2.8
},
{
"db": "BID",
"id": "94462",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1037330",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU92250735",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2016-6817",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"id": "VAR-201708-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.15072303
},
"last_update_date": "2024-11-23T20:53:15.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixed in Apache Tomcat 8.0.39",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39"
},
{
"title": "Fixed in Apache Tomcat 7.0.73",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73"
},
{
"title": "Fixed in Apache Tomcat 6.0.48",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48"
},
{
"title": "Fixed in Apache Tomcat 9.0.0.M13",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13"
},
{
"title": "Fixed in Apache Tomcat 8.5.8",
"trust": 0.8,
"url": "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.8"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "NV17-002",
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv17-002.html"
},
{
"title": "hitachi-sec-2017-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2017-107/index.html"
},
{
"title": "hitachi-sec-2019-107",
"trust": 0.8,
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/hitachi-sec-2019-107/index.html"
},
{
"title": "Apache Tomcat Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66020"
},
{
"title": "Red Hat: CVE-2016-6817",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2016-6817"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=a2bac27fb002bed513645d4775c7275b"
},
{
"title": "Oracle: Oracle Critical Patch Update Advisory - April 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=143b3fb255063c81571469eaa3cf0a87"
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/RedHatOfficial/rhsecapi "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/ryran/rhsecapi "
},
{
"title": "rhsecapi",
"trust": 0.1,
"url": "https://github.com/RedHatProductSecurity/cve-pylib "
},
{
"title": "A2:2017 Broken Authentication\nA5:2017 Broken Access Control\nA3:2017 Sensitive Data Exposure\nA6:2017 Security Misconfiguration\nA9:2017 Using Components with Known Vulnerabilities\nA10:2017 Insufficient Logging \u0026 Monitoring",
"trust": 0.1,
"url": "https://github.com/ilmari666/cybsec "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.0
},
{
"problemtype": "CWE-835",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94462"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1037330"
},
{
"trust": 1.7,
"url": "https://security.netapp.com/advisory/ntap-20180607-0001/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6816"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-6817"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8735"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92250735/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6816"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-6817"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-8735"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a@%3cannounce.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3cdev.tomcat.apache.org%3e"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-8.html"
},
{
"trust": 0.3,
"url": "http://tomcat.apache.org/security-9.html"
},
{
"trust": 0.3,
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"trust": 0.3,
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2017-3431551.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2016-6817"
},
{
"trust": 0.1,
"url": "https://github.com/redhatofficial/rhsecapi"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"db": "BID",
"id": "94462"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"date": "2016-11-22T00:00:00",
"db": "BID",
"id": "94462"
},
{
"date": "2017-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2016-11-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"date": "2017-08-10T22:29:00.233000",
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-12-08T00:00:00",
"db": "VULMON",
"id": "CVE-2016-6817"
},
{
"date": "2017-05-02T01:06:00",
"db": "BID",
"id": "94462"
},
{
"date": "2019-04-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007656"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-611"
},
{
"date": "2024-11-21T02:56:53.643000",
"db": "NVD",
"id": "CVE-2016-6817"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache Tomcat Updates for multiple vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-611"
}
],
"trust": 0.6
}
}
cve-2023-6814
Vulnerability from cvelistv5
Published
2024-03-12 03:39
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Information Exposure Vulnerability in Cosminexus Component Container
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html | vendor-advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Hitachi | Cosminexus Component Container |
Version: 11-30 < 11-30-05 Version: 11-20 < 11-20-07 Version: 11-10 < 11-10-10 Version: 11-00 < 11-00-12 Version: 08-00 < |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6814",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T13:30:31.864165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T01:57:04.242Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cosminexus Component Container",
"vendor": "Hitachi",
"versions": [
{
"changes": [
{
"at": "11-30-05",
"status": "unaffected"
}
],
"lessThan": "11-30-05",
"status": "affected",
"version": "11-30",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-20-07",
"status": "unaffected"
}
],
"lessThan": "11-20-07",
"status": "affected",
"version": "11-20",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-10-10",
"status": "unaffected"
}
],
"lessThan": "11-10-10",
"status": "affected",
"version": "11-10",
"versionType": "custom"
},
{
"changes": [
{
"at": "11-00-12",
"status": "unaffected"
}
],
"lessThan": "11-00-12",
"status": "affected",
"version": "11-00",
"versionType": "custom"
},
{
"lessThanOrEqual": "09-*",
"status": "affected",
"version": "08-00",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.\u003cp\u003eThis issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\u003c/p\u003e"
}
],
"value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-114",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-114 Authentication Abuse"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-16T03:10:06.839Z",
"orgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"shortName": "Hitachi"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-118/index.html"
}
],
"source": {
"advisory": "hitachi-sec-2024-118",
"discovery": "UNKNOWN"
},
"title": "Information Exposure Vulnerability in Cosminexus Component Container",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "50d0f415-c707-4733-9afc-8f6c0e9b3f82",
"assignerShortName": "Hitachi",
"cveId": "CVE-2023-6814",
"datePublished": "2024-03-12T03:39:22.392Z",
"dateReserved": "2023-12-14T02:26:36.719Z",
"dateUpdated": "2024-08-02T08:42:07.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}