All the vulnerabilites related to FUJITSU - Interstage Application Development Cycle Manager
var-201201-0259
Vulnerability from variot
Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Hitachi COBOL2002 Products Unspecified Vulnerability
SECUNIA ADVISORY ID: SA47643
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
RELEASE DATE: 2012-01-20
DISCUSS ADVISORY: http://secunia.com/advisories/47643/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47643/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47643
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has reported a vulnerability in some COBOL2002 products, which can be exploited by malicious users to compromise a vulnerable system.
For more information: SA47612
The vulnerability is reported in versions 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F.
SOLUTION: Upgrade to version 02-01-/D.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-24
http://security.gentoo.org/
Severity: Normal Title: Apache Tomcat: Multiple vulnerabilities Date: June 24, 2012 Bugs: #272566, #273662, #303719, #320963, #329937, #373987, #374619, #382043, #386213, #396401, #399227 ID: 201206-24
Synopsis
Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-servers/tomcat < 5.5.34 >= 6.0.35 *< 6.0.35 >= 7.0.23 < 7.0.23
Description
Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details.
Impact
The vulnerabilities allow an attacker to cause a Denial of Service, to hijack a session, to bypass authentication, to inject webscript, to enumerate valid usernames, to read, modify and overwrite arbitrary files, to bypass intended access restrictions, to delete work-directory files, to discover the server's hostname or IP, to bypass read permissions for files or HTTP headers, to read or write files outside of the intended working directory, and to obtain sensitive information by reading a log file.
Workaround
There is no known workaround at this time.
Resolution
All Apache Tomcat 6.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-6.0.35"
All Apache Tomcat 7.0.x users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/tomcat-7.0.23"
References
[ 1 ] CVE-2008-5515 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515 [ 2 ] CVE-2009-0033 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033 [ 3 ] CVE-2009-0580 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580 [ 4 ] CVE-2009-0781 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781 [ 5 ] CVE-2009-0783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783 [ 6 ] CVE-2009-2693 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693 [ 7 ] CVE-2009-2901 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901 [ 8 ] CVE-2009-2902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902 [ 9 ] CVE-2010-1157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157 [ 10 ] CVE-2010-2227 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227 [ 11 ] CVE-2010-3718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718 [ 12 ] CVE-2010-4172 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172 [ 13 ] CVE-2010-4312 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312 [ 14 ] CVE-2011-0013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013 [ 15 ] CVE-2011-0534 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534 [ 16 ] CVE-2011-1088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088 [ 17 ] CVE-2011-1183 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183 [ 18 ] CVE-2011-1184 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184 [ 19 ] CVE-2011-1419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419 [ 20 ] CVE-2011-1475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475 [ 21 ] CVE-2011-1582 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582 [ 22 ] CVE-2011-2204 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204 [ 23 ] CVE-2011-2481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481 [ 24 ] CVE-2011-2526 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526 [ 25 ] CVE-2011-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729 [ 26 ] CVE-2011-3190 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190 [ 27 ] CVE-2011-3375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375 [ 28 ] CVE-2011-4858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858 [ 29 ] CVE-2011-5062 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062 [ 30 ] CVE-2011-5063 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063 [ 31 ] CVE-2011-5064 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064 [ 32 ] CVE-2012-0022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-24.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Optional (v. 6) - noarch Red Hat Enterprise Linux HPC Node Optional (v. 6) - noarch Red Hat Enterprise Linux Workstation (v. 6) - noarch Red Hat Enterprise Linux Workstation Optional (v. 6) - noarch
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: tomcat6 security and bug fix update Advisory ID: RHSA-2012:0682-01 Product: JBoss Enterprise Web Server Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html Issue date: 2012-05-21 CVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 CVE-2012-0022 =====================================================================
- Summary:
Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch JBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch
- Description:
Apache Tomcat is a servlet container.
JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime (APR) support for Tomcat. References in this text to APR refer to the Tomcat Native implementation, not any other apr package.
This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves the following security issues:
Multiple flaws weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
A flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor) and APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ Protocol) connectors processed certain POST requests. An attacker could send a specially-crafted request that would cause the connector to treat the message body as a new request. This allows arbitrary AJP messages to be injected, possibly allowing an attacker to bypass a web application's authentication checks and gain access to information they would otherwise be unable to access. The JK (org.apache.jk.server.JkCoyoteHandler) connector is used by default when the APR libraries are not present. The JK connector is not affected by this flaw. (CVE-2011-3190)
A flaw in the way Tomcat recycled objects that contain data from user requests (such as IP addresses and HTTP headers) when certain errors occurred. If a user sent a request that caused an error to be logged, Tomcat would return a reply to the next request (which could be sent by a different user) with data from the first user's request, leading to information disclosure. Under certain conditions, a remote attacker could leverage this flaw to hijack sessions. (CVE-2011-3375)
The Java hashCode() method implementation was susceptible to predictable hash collisions. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2011-4858)
Tomcat did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make Tomcat use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. Refer to the CVE-2011-4858 description for information about the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. (CVE-2012-0022)
A flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred when creating a new user with a JMX client, that user's password was logged to Tomcat log files. Note: By default, only administrators have access to such log files. (CVE-2011-2204)
A flaw in the way Tomcat handled sendfile request attributes when using the HTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application running on a Tomcat instance could use this flaw to bypass security manager restrictions and gain access to files it would otherwise be unable to access, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO connector is used by default in JBoss Enterprise Web Server. (CVE-2011-2526)
Red Hat would like to thank oCERT for reporting CVE-2011-4858, and the Apache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters of CVE-2011-4858.
- Solution:
Users of Tomcat should upgrade to these updated packages, which resolve these issues. Tomcat must be restarted for this update to take effect.
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
717013 - CVE-2011-2204 tomcat: password disclosure vulnerability 720948 - CVE-2011-2526 tomcat: security manager restrictions bypass 734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure 741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication 750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003) 782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling 783359 - CVE-2012-0022 tomcat: large number of parameters DoS
- Package List:
JBoss Enterprise Web Server 1.0 for RHEL 5 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm
JBoss Enterprise Web Server 1.0 for RHEL 6 Server:
Source: tomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm
noarch: tomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm tomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-1184.html https://www.redhat.com/security/data/cve/CVE-2011-2204.html https://www.redhat.com/security/data/cve/CVE-2011-2526.html https://www.redhat.com/security/data/cve/CVE-2011-3190.html https://www.redhat.com/security/data/cve/CVE-2011-3375.html https://www.redhat.com/security/data/cve/CVE-2011-4858.html https://www.redhat.com/security/data/cve/CVE-2011-5062.html https://www.redhat.com/security/data/cve/CVE-2011-5063.html https://www.redhat.com/security/data/cve/CVE-2011-5064.html https://www.redhat.com/security/data/cve/CVE-2012-0022.html https://access.redhat.com/security/updates/classification/#moderate http://tomcat.apache.org/security-6.html https://issues.jboss.org/browse/JBPAPP-4873 https://issues.jboss.org/browse/JBPAPP-6133 https://issues.jboss.org/browse/JBPAPP-6852
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5 HGbJnvqJAVX57f9/Kpj3+R4= =pyZw -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service (infinite loop) on the JBoss Web server.
Warning: Before applying this update, back up your JBoss Enterprise Application Platform's "jboss-as/server/[PROFILE]/deploy/" directory, along with all other customized configuration files. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. Refer to the JBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly from docs.redhat.com, for information on the most significant bug fixes included in this release.
The following security fixes are also included:
JBoss Seam 2 did not properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework. Note: A properly configured and enabled Java Security Manager would prevent exploitation of this flaw. (CVE-2011-1484)
Note: If you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064)
The invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods. Due to the second layer of authentication provided by a security interceptor, this issue is not exploitable on default installations unless an administrator has misconfigured the security interceptor or disabled it. Solution:
The References section of this erratum contains a download link (you must log in to download the update). Note that if you have created custom applications that are packaged with a copy of the JBoss Seam 2 library, those applications must be rebuilt with the updated jboss-seam.jar file provided by this update. Description:
The JBoss Communications Platform (JBCP) is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms (SDPs) and IP Multimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network (NGIN) applications
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0259", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.25" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.15" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "5.5.35" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.2" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.22" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.27" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.18" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.30" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.7" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.9" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.24" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.14" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.11" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.23" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.0" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.19" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.32" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.12" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.29" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.17" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.16" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.20" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.21" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.4" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.34" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "7.0.8" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.13" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.28" }, { "model": "tomcat", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "6.0.26" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ruby", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the php group", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v7.1 to v8.1" }, { "model": "tomcat", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "7.x" }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise service bus v6.4 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.1 to v6.5" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "6.x" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "cosminexus component container", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "developer v7.1 to v8.1" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "none" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "portal v8.2 to v8.3" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1 to v8.1" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/faq navigator v4 v5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v8.4" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard-r" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "sip application server st ard edition v7.1 to v8.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "development environment v6.1 to v6.5" }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "6.0.35" }, { "model": "websam storage vmware vcenter plug-in", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v1.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v7.1 to v8.1" }, { "model": "success server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "plus developer / apworks / studio" }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "uddi registry v1.1 to v7.1" }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator cloud edition" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard v8.2 to v8.4" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v4.1 to v6.5" }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v4.1" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security v1.44 before" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v4.1 to v6.5" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v3.2" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterpriseidentitymanager ver4.1 all versions up to" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage shunsaku data manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v7.1 to v8.1" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "websam securemaster", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterpriseaccessmanager ver5.0 to ver6.1" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v8.4" }, { "model": "tomcat", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "7.0.23" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "st ard version 6" }, { "model": "garoon", "scope": "eq", "trust": 0.8, "vendor": "cybozu", "version": "2.0.0 to 3.1" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "infoframe documentskipper", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v5.1" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:tomcat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:cognos_business_intelligence", "vulnerable": true }, { "cpe22Uri": "cpe:/a:cybozu:garoon", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:csview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infoframe_documentskipper", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:websam_securemaster", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_component_container", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:success_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001003" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" } ], "trust": 0.6 }, "cve": "CVE-2011-4858", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-4858", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4858", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#903934", "trust": 0.8, "value": "10.80" }, { "author": "NVD", "id": "CVE-2011-4858", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2011-4858", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Apache Tomcat Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi COBOL2002 Products Unspecified Vulnerability\n\nSECUNIA ADVISORY ID:\nSA47643\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47643/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nRELEASE DATE:\n2012-01-20\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47643/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47643/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has reported a vulnerability in some COBOL2002 products,\nwhich can be exploited by malicious users to compromise a vulnerable\nsystem. \n\nFor more information:\nSA47612\n\nThe vulnerability is reported in versions 01-00, 01-01 through\n01-01-/D, 01-02 through 01-02-/F, and 01-03 through 01-03-/F. \n\nSOLUTION:\nUpgrade to version 02-01-/D. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-24\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Apache Tomcat: Multiple vulnerabilities\n Date: June 24, 2012\n Bugs: #272566, #273662, #303719, #320963, #329937, #373987,\n #374619, #382043, #386213, #396401, #399227\n ID: 201206-24\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities were found in Apache Tomcat, the worst of\nwhich allowing to read, modify and overwrite arbitrary files. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-servers/tomcat *\u003c 5.5.34 *\u003e= 6.0.35\n *\u003c 6.0.35 \u003e= 7.0.23\n \u003c 7.0.23\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Apache Tomcat. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n======\n\nThe vulnerabilities allow an attacker to cause a Denial of Service, to\nhijack a session, to bypass authentication, to inject webscript, to\nenumerate valid usernames, to read, modify and overwrite arbitrary\nfiles, to bypass intended access restrictions, to delete work-directory\nfiles, to discover the server\u0027s hostname or IP, to bypass read\npermissions for files or HTTP headers, to read or write files outside\nof the intended working directory, and to obtain sensitive information\nby reading a log file. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Tomcat 6.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-6.0.35\"\n\nAll Apache Tomcat 7.0.x users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/tomcat-7.0.23\"\n\nReferences\n==========\n\n[ 1 ] CVE-2008-5515\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5515\n[ 2 ] CVE-2009-0033\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0033\n[ 3 ] CVE-2009-0580\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0580\n[ 4 ] CVE-2009-0781\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0781\n[ 5 ] CVE-2009-0783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0783\n[ 6 ] CVE-2009-2693\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2693\n[ 7 ] CVE-2009-2901\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2901\n[ 8 ] CVE-2009-2902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2902\n[ 9 ] CVE-2010-1157\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1157\n[ 10 ] CVE-2010-2227\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2227\n[ 11 ] CVE-2010-3718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3718\n[ 12 ] CVE-2010-4172\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4172\n[ 13 ] CVE-2010-4312\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4312\n[ 14 ] CVE-2011-0013\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0013\n[ 15 ] CVE-2011-0534\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0534\n[ 16 ] CVE-2011-1088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1088\n[ 17 ] CVE-2011-1183\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1183\n[ 18 ] CVE-2011-1184\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1184\n[ 19 ] CVE-2011-1419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1419\n[ 20 ] CVE-2011-1475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1475\n[ 21 ] CVE-2011-1582\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1582\n[ 22 ] CVE-2011-2204\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2204\n[ 23 ] CVE-2011-2481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2481\n[ 24 ] CVE-2011-2526\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2526\n[ 25 ] CVE-2011-2729\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2729\n[ 26 ] CVE-2011-3190\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3190\n[ 27 ] CVE-2011-3375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3375\n[ 28 ] CVE-2011-4858\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4858\n[ 29 ] CVE-2011-5062\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5062\n[ 30 ] CVE-2011-5063\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5063\n[ 31 ] CVE-2011-5064\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5064\n[ 32 ] CVE-2012-0022\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0022\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-24.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Optional (v. 6) - noarch\nRed Hat Enterprise Linux HPC Node Optional (v. 6) - noarch\nRed Hat Enterprise Linux Workstation (v. 6) - noarch\nRed Hat Enterprise Linux Workstation Optional (v. 6) - noarch\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: tomcat6 security and bug fix update\nAdvisory ID: RHSA-2012:0682-01\nProduct: JBoss Enterprise Web Server\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0682.html\nIssue date: 2012-05-21\nCVE Names: CVE-2011-1184 CVE-2011-2204 CVE-2011-2526 \n CVE-2011-3190 CVE-2011-3375 CVE-2011-4858 \n CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 \n CVE-2012-0022 \n=====================================================================\n\n1. Summary:\n\nUpdated tomcat6 packages that fix multiple security issues and three bugs\nare now available for JBoss Enterprise Web Server 1.0.2 for Red Hat\nEnterprise Linux 5 and 6. \n\nThe Red Hat Security Response Team has rated this update as having moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server - noarch\nJBoss Enterprise Web Server 1.0 for RHEL 6 Server - noarch\n\n3. Description:\n\nApache Tomcat is a servlet container. \n\nJBoss Enterprise Web Server includes the Tomcat Native library, providing\nApache Portable Runtime (APR) support for Tomcat. References in this text\nto APR refer to the Tomcat Native implementation, not any other apr\npackage. \n\nThis update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It\nalso resolves the following security issues:\n\nMultiple flaws weakened the Tomcat HTTP DIGEST authentication\nimplementation, subjecting it to some of the weaknesses of HTTP BASIC\nauthentication, for example, allowing remote attackers to perform session\nreplay attacks. (CVE-2011-1184, CVE-2011-5062, CVE-2011-5063,\nCVE-2011-5064)\n\nA flaw was found in the way the Coyote (org.apache.coyote.ajp.AjpProcessor)\nand APR (org.apache.coyote.ajp.AjpAprProcessor) Tomcat AJP (Apache JServ\nProtocol) connectors processed certain POST requests. An attacker could\nsend a specially-crafted request that would cause the connector to treat\nthe message body as a new request. This allows arbitrary AJP messages to be\ninjected, possibly allowing an attacker to bypass a web application\u0027s\nauthentication checks and gain access to information they would otherwise\nbe unable to access. The JK (org.apache.jk.server.JkCoyoteHandler)\nconnector is used by default when the APR libraries are not present. The JK\nconnector is not affected by this flaw. (CVE-2011-3190)\n\nA flaw in the way Tomcat recycled objects that contain data from user\nrequests (such as IP addresses and HTTP headers) when certain errors\noccurred. If a user sent a request that caused an error to be logged,\nTomcat would return a reply to the next request (which could be sent by a\ndifferent user) with data from the first user\u0027s request, leading to\ninformation disclosure. Under certain conditions, a remote attacker could\nleverage this flaw to hijack sessions. (CVE-2011-3375)\n\nThe Java hashCode() method implementation was susceptible to predictable\nhash collisions. This update\nintroduces a limit on the number of parameters processed per request to\nmitigate this issue. The default limit is 512 for parameters and 128 for\nheaders. These defaults can be changed by setting the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2011-4858)\n\nTomcat did not handle large numbers of parameters and large parameter\nvalues efficiently. A remote attacker could make Tomcat use an excessive\namount of CPU time by sending an HTTP request containing a large number of\nparameters or large parameter values. This update introduces limits on the\nnumber of parameters and headers processed per request to address this\nissue. Refer to the CVE-2011-4858 description for information about the\norg.apache.tomcat.util.http.Parameters.MAX_COUNT and\norg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties. \n(CVE-2012-0022)\n\nA flaw in the Tomcat MemoryUserDatabase. If a runtime exception occurred\nwhen creating a new user with a JMX client, that user\u0027s password was logged\nto Tomcat log files. Note: By default, only administrators have access to\nsuch log files. (CVE-2011-2204)\n\nA flaw in the way Tomcat handled sendfile request attributes when using the\nHTTP APR or NIO (Non-Blocking I/O) connector. A malicious web application\nrunning on a Tomcat instance could use this flaw to bypass security manager\nrestrictions and gain access to files it would otherwise be unable to\naccess, or possibly terminate the Java Virtual Machine (JVM). The HTTP NIO\nconnector is used by default in JBoss Enterprise Web Server. \n(CVE-2011-2526)\n\nRed Hat would like to thank oCERT for reporting CVE-2011-4858, and the\nApache Tomcat project for reporting CVE-2011-2526. oCERT acknowledges\nJulian W\u00e4lde and Alexander Klink as the original reporters of\nCVE-2011-4858. \n\n4. Solution:\n\nUsers of Tomcat should upgrade to these updated packages, which\nresolve these issues. Tomcat must be restarted for this update to take\neffect. \n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n717013 - CVE-2011-2204 tomcat: password disclosure vulnerability\n720948 - CVE-2011-2526 tomcat: security manager restrictions bypass\n734868 - CVE-2011-3190 tomcat: authentication bypass and information disclosure\n741401 - CVE-2011-1184 CVE-2011-5062 CVE-2011-5063 CVE-2011-5064 tomcat: Multiple weaknesses in HTTP DIGEST authentication\n750521 - CVE-2011-4858 tomcat: hash table collisions CPU usage DoS (oCERT-2011-003)\n782624 - CVE-2011-3375 tomcat: information disclosure due to improper response and request object recycling\n783359 - CVE-2012-0022 tomcat: large number of parameters DoS\n\n6. Package List:\n\nJBoss Enterprise Web Server 1.0 for RHEL 5 Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el5.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el5.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el5.noarch.rpm\n\nJBoss Enterprise Web Server 1.0 for RHEL 6 Server:\n\nSource:\ntomcat6-6.0.32-24_patch_07.ep5.el6.src.rpm\n\nnoarch:\ntomcat6-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-admin-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-docs-webapp-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-el-1.0-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-javadoc-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-jsp-2.1-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-lib-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-log4j-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-servlet-2.5-api-6.0.32-24_patch_07.ep5.el6.noarch.rpm\ntomcat6-webapps-6.0.32-24_patch_07.ep5.el6.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-1184.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2204.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-2526.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3190.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3375.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-4858.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5062.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5063.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5064.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0022.html\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttp://tomcat.apache.org/security-6.html\nhttps://issues.jboss.org/browse/JBPAPP-4873\nhttps://issues.jboss.org/browse/JBPAPP-6133\nhttps://issues.jboss.org/browse/JBPAPP-6852\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPunmrXlSAg2UNWIIRAkA4AKCTaGA0dlkzcdXw8BMDz6i6Kk31iQCbBwk5\nHGbJnvqJAVX57f9/Kpj3+R4=\n=pyZw\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nA flaw was found in the way JBoss Web handled UTF-8 surrogate pair\ncharacters. If JBoss Web was hosting an application with UTF-8 character\nencoding enabled, or that included user-supplied UTF-8 strings in a\nresponse, a remote attacker could use this flaw to cause a denial of\nservice (infinite loop) on the JBoss Web server. \n\nWarning: Before applying this update, back up your JBoss Enterprise\nApplication Platform\u0027s \"jboss-as/server/[PROFILE]/deploy/\" directory, along\nwith all other customized configuration files. It comprises a set of offerings for enterprise\ncustomers who are looking for pre-configured profiles of JBoss Enterprise\nMiddleware components that have been tested and certified together to\nprovide an integrated experience. Refer to the\nJBoss Enterprise Portal Platform 4.3 CP07 Release Notes, available shortly\nfrom docs.redhat.com, for information on the most significant bug fixes\nincluded in this release. \n\nThe following security fixes are also included:\n\nJBoss Seam 2 did not properly block access to JBoss Expression Language\n(EL) constructs in page exception handling, allowing arbitrary Java methods\nto be executed. A remote attacker could use this flaw to execute arbitrary\ncode via a specially-crafted URL provided to certain applications based on\nthe JBoss Seam 2 framework. Note: A properly configured and enabled Java\nSecurity Manager would prevent exploitation of this flaw. (CVE-2011-1484)\n\nNote: If you have created custom applications that are packaged with a copy\nof the JBoss Seam 2 library, those applications must be rebuilt with the\nupdated jboss-seam.jar file provided by this update. (CVE-2011-1184, CVE-2011-5062,\nCVE-2011-5063, CVE-2011-5064)\n\nThe invoker servlets, deployed by default via httpha-invoker, only\nperformed access control on the HTTP GET and POST methods, allowing remote\nattackers to make unauthenticated requests by using different HTTP methods. \nDue to the second layer of authentication provided by a security\ninterceptor, this issue is not exploitable on default installations unless\nan administrator has misconfigured the security interceptor or disabled it. Solution:\n\nThe References section of this erratum contains a download link (you must\nlog in to download the update). \nNote that if you have created custom applications that are packaged with a\ncopy of the JBoss Seam 2 library, those applications must be rebuilt with\nthe updated jboss-seam.jar file provided by this update. Description:\n\nThe JBoss Communications Platform (JBCP) is an open source VoIP platform\ncertified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as\na high performance core for Service Delivery Platforms (SDPs) and IP\nMultimedia Subsystems (IMSs) by leveraging J2EE to enable the convergence\nof data and video in Next-Generation Intelligent Network (NGIN)\napplications", "sources": [ { "db": "NVD", "id": "CVE-2011-4858" }, { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" } ], "trust": 3.15 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4858" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#903934", "trust": 2.7 }, { "db": "NVD", "id": "CVE-2011-4858", "trust": 2.6 }, { "db": "OCERT", "id": "OCERT-2011-003", "trust": 1.9 }, { "db": "SECUNIA", "id": "48791", "trust": 1.1 }, { "db": "SECUNIA", "id": "48790", "trust": 1.1 }, { "db": "SECUNIA", "id": "48549", "trust": 1.1 }, { "db": "SECUNIA", "id": "54971", "trust": 1.1 }, { "db": "SECUNIA", "id": "55115", "trust": 1.1 }, { "db": "BID", "id": "51200", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-001003", "trust": 0.8 }, { "db": "SECUNIA", "id": "47643", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "2012", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-4858", "trust": 0.1 }, { "db": "HITACHI", "id": "HS12-002", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "108860", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114139", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111783", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112906", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110084", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109272", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109367", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109274", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "id": "VAR-201201-0259", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-11-29T22:15:39.169000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Changelog", "trust": 0.8, "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "title": "HS12-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-019/index.html" }, { "title": "HS12-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-003/index.html" }, { "title": "1626697", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" }, { "title": "4034373", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" }, { "title": "NV12-003", "trust": 0.8, "url": "http://www.nec.co.jp/security-info/secinfo/nv12-003.html" }, { "title": "Bug 750521", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java" }, { "title": "Multiple vulnerabilities in Oracle Java Web Console - oracle_java1", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_oracle_java1" }, { "title": "Multiple Denial of Service (DoS) vulnerabilities in Apache Tomcat", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_dos" }, { "title": "CY12-02-006", "trust": 0.8, "url": "http://cs.cybozu.co.jp/information/20120224up08.php" }, { "title": "interstage_as_201201", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html" }, { "title": "HS12-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html" }, { "title": "HS12-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-003/index.html" }, { "title": "\u3010iStorage M\u30b7\u30ea\u30fc\u30ba\u3011WebSAM Storage VMware vCenter Plug-inV1.1\u304c\u4f7f\u7528\u3057\u3066\u3044\u308bApache Tomcat\u8106\u5f31\u6027\u554f\u984c\u306e\u5bfe\u51e6\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.support.nec.co.jp/View.aspx?id=3140100906" }, { "title": "WebOTX Web\u30b3\u30f3\u30c6\u30ca \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u95a2\u3059\u308b\u8106\u5f31\u6027\uff08CVE-2011-4858\uff09\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "https://www.support.nec.co.jp/View.aspx?id=3010100358" }, { "title": "InfoCage PC\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 - \u91cd\u8981\u306a\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.nec.co.jp/cced/infocage/info/pc_security_news120329.html" }, { "title": "Red Hat: Moderate: tomcat6 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120475 - Security Advisory" }, { "title": "Red Hat: Moderate: tomcat5 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120474 - Security Advisory" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120074 - Security Advisory" }, { "title": "Red Hat: Important: jbossweb security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120076 - Security Advisory" }, { "title": "Ubuntu Security Notice: tomcat6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1359-1" }, { "title": "Red Hat: Moderate: tomcat5 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120680 - Security Advisory" }, { "title": "Red Hat: Moderate: tomcat6 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120682 - Security Advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2011-4084 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-399", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "trust": 1.9, "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "trust": 1.9, "url": "http://www.kb.cert.org/vuls/id/903934" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0074.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0325.html" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0078.html" }, { "trust": 1.1, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750521" }, { "trust": 1.1, "url": "http://tomcat.apache.org/tomcat-7.0-doc/changelog.html" }, { "trust": 1.1, "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132871655717248\u0026w=2" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2401" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48791" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48790" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/54971" }, { "trust": 1.1, "url": "http://secunia.com/advisories/55115" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0089.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0406.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0075.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0076.html" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2012-0077.html" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/51200" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18886" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48549" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133294394108746\u0026w=2" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106%40apache.org%3e" }, { "trust": 0.8, "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf" }, { "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" }, { "trust": 0.8, "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4858" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu903934" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4858" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4858" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.6, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://www.redhat.com/security/data/cve/cve-2011-4858.html" }, { "trust": 0.6, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2012-0022.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0022" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5063.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-2526.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5063" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5064.html" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-1184.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5064" }, { "trust": 0.5, "url": "https://www.redhat.com/security/data/cve/cve-2011-5062.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5062" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.3, "url": "https://www.redhat.com/security/data/cve/cve-2011-4610.html" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4610" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3375" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.2, "url": "http://tomcat.apache.org/security-6.html" }, { "trust": 0.2, "url": "https://docs.redhat.com/docs/en-us/index.html" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/399.html" }, { "trust": 0.1, "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201112.mbox/%3c4efb9800.5010106@apache.org%3e" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0475" }, { "trust": 0.1, "url": "https://github.com/live-hack-cve/cve-2011-4084" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1359-1/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/2012/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=24901" }, { "trust": 0.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-002/index.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47643" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47643/#comments" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47643/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0033" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0781" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2729" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5062" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1475" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0534" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0013" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5063" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3718" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4172" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5064" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4312" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1088" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-0580" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2901" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1183" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1184" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2008-5515" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0022" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-2693" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4172" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1088" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0783" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4312" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4858" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2227" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2481" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0013" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-5515" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3190" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3375" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-24.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-1582" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1419" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0475.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-2204.html" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-6852" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3375.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3190.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0682.html" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-6133" }, { "trust": 0.1, "url": "https://issues.jboss.org/browse/jbpapp-4873" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=brms\u0026downloadtype=securitypatches\u0026version=5.2.0" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=soaplatform\u0026downloadtype=securitypatches\u0026version=5.2.0+ga" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=jbportal\u0026downloadtype=securitypatches\u0026version=5.2.0" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4085" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1484" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jbportal\u0026version=4.3+cp07" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-1484.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0091.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-4085.html" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?product=communications.platform\u0026downloadtype=distributions" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-4858" }, { "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "db": "PACKETSTORM", "id": "108860" }, { "db": "PACKETSTORM", "id": "114139" }, { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" }, { "db": "PACKETSTORM", "id": "109367" }, { "db": "PACKETSTORM", "id": "109274" }, { "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-28T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2012-01-05T00:00:00", "db": "VULMON", "id": "CVE-2011-4858" }, { "date": "2012-01-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "date": "2012-01-20T08:20:03", "db": "PACKETSTORM", "id": "108860" }, { "date": "2012-06-24T23:54:31", "db": "PACKETSTORM", "id": "114139" }, { "date": "2012-04-12T03:14:12", "db": "PACKETSTORM", "id": "111783" }, { "date": "2012-05-22T00:21:41", "db": "PACKETSTORM", "id": "112906" }, { "date": "2012-02-23T04:44:48", "db": "PACKETSTORM", "id": "110084" }, { "date": "2012-02-01T02:55:02", "db": "PACKETSTORM", "id": "109272" }, { "date": "2012-02-03T00:18:35", "db": "PACKETSTORM", "id": "109367" }, { "date": "2012-02-01T02:55:27", "db": "PACKETSTORM", "id": "109274" }, { "date": "2012-01-05T19:55:01.033000", "db": "NVD", "id": "CVE-2011-4858" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2018-01-09T00:00:00", "db": "VULMON", "id": "CVE-2011-4858" }, { "date": "2013-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001003" }, { "date": "2024-11-21T01:33:07.977000", "db": "NVD", "id": "CVE-2011-4858" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "111783" }, { "db": "PACKETSTORM", "id": "112906" }, { "db": "PACKETSTORM", "id": "110084" }, { "db": "PACKETSTORM", "id": "109272" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hash table implementations vulnerable to algorithmic complexity attacks", "sources": [ { "db": "CERT/CC", "id": "VU#903934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "arbitrary", "sources": [ { "db": "PACKETSTORM", "id": "114139" } ], "trust": 0.1 } }
var-201405-0502
Vulnerability from variot
CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation " And the session state may change. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0502", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.3" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.16.2" }, { "model": "struts", "scope": "eq", "trust": 1.6, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.2.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.11.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.13" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 1.0, "vendor": "apache", "version": "2.3.1.2" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.3.16.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.5" }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "lt", "trust": 0.8, "vendor": "apache", "version": "2.x" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager lite v2.0" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10 and earlier" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75 and earlier" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v5.1 to v5.2" }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16 and earlier" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager st ard v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v6.1 to v6.5" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1 and earlier" }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "5.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "st ard edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" } ], "sources": [ { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:esmpro_servermanager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Zubair Ashraf of IBM X-Force", "sources": [ { "db": "BID", "id": "67218" } ], "trust": 0.3 }, "cve": "CVE-2014-0116", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-0116", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0116", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-0116", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0116", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation \" And the session state may change. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.2 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "BID", "id": "67218" }, { "db": "VULMON", "id": "CVE-2014-0116" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0116", "trust": 2.8 }, { "db": "BID", "id": "67218", "trust": 2.0 }, { "db": "SECUNIA", "id": "59816", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002411", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201405-150", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-0116", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "id": "VAR-201405-0502", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T21:45:09.999000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Bug 1094558", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558" }, { "title": "Huawei-SA-20140707-01-Struts2", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "S2-022", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "Red Hat: CVE-2014-0116", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0116" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/67218" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59816" }, { "trust": 1.7, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0116" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0116" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34163" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0116" }, { "db": "BID", "id": "67218" }, { "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "db": "CNNVD", "id": "CNNVD-201405-150" }, { "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-05-08T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2014-05-06T00:00:00", "db": "BID", "id": "67218" }, { "date": "2014-05-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "date": "2014-05-09T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2014-05-08T10:55:02.967000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0116" }, { "date": "2015-04-16T18:14:00", "db": "BID", "id": "67218" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002411" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201405-150" }, { "date": "2024-11-21T02:01:24.537000", "db": "NVD", "id": "CVE-2014-0116" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002411" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201405-150" } ], "trust": 0.6 } }
var-201404-0287
Vulnerability from variot
CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "lt", "trust": 1.8, "vendor": "apache", "version": "2.3.16.2" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "5.0" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "4.5" }, { "model": "connections", "scope": "eq", "trust": 1.1, "vendor": "ibm", "version": "4.0" }, { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.16" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.2" }, { "model": "struts", "scope": "eq", "trust": 0.9, "vendor": "apache", "version": "2.3.15.1" }, { "model": "connections", "scope": "lte", "trust": 0.8, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 2.3.16" }, { "model": "mysql", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "enterprise monitor 3.0.10" }, { "model": "esmpro/servermanager", "scope": "lte", "trust": 0.8, "vendor": "nec", "version": "ver5.75" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "pc security" }, { "model": "infocage", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "security risk management v1.0.0 to v2.1.3" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager enterprise v7.1" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager lite v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "rfid manager standard v2.0" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v6.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v5.1 to v5.2" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v6.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v7.1" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v8.2 to v8.4 (with developers studio only )\"" }, { "model": "webotx developer", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "\"v9.1 to v9.2 (with developers studio only )\"" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.3 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v9.1" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.3" }, { "model": "keybox", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.02" }, { "model": "ec2box", "scope": "eq", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.01" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0.10" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.16" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.15" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.14" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3.13" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mysql enterprise monitor", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.3" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling web channel", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "sterling selling and fulfillment foundation", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "sterling order management", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.1" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.0" }, { "model": "sterling field sales", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "platform symphony", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform hpc", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1" }, { "model": "platform cluster manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1" }, { "model": "platform application center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.00" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.10" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.3" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.2" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.5.0.0" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.1.1" }, { "model": "connections", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.0.0.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.2" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.0.1" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.3" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.0" }, { "model": "clearpass", "scope": "eq", "trust": 0.3, "vendor": "arubanetworks", "version": "5.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.41" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "keybox", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "2.10.03" }, { "model": "ec2box", "scope": "ne", "trust": 0.3, "vendor": "skavanagh", "version": "0.11.02" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.3.2" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.2.6" }, { "model": "clearpass", "scope": "ne", "trust": 0.3, "vendor": "arubanetworks", "version": "6.1.4" }, { "model": "struts", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "2.3.16.2" } ], "sources": [ { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:mysql", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:esmpro_servermanager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:infocage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.", "sources": [ { "db": "BID", "id": "67081" } ], "trust": 0.3 }, "cve": "CVE-2014-0113", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0113", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0113", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0113", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201404-570", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0113", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable", "sources": [ { "db": "NVD", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "BID", "id": "67081" }, { "db": "VULMON", "id": "CVE-2014-0113" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0113", "trust": 2.8 }, { "db": "SECUNIA", "id": "59178", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2014-002269", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201404-570", "trust": 0.6 }, { "db": "BID", "id": "67081", "trust": 0.3 }, { "db": "EXPLOITDB", "id": "33142", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0113", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "id": "VAR-201404-0287", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:19:45.132000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Security Bulletins S2-021", "trust": 0.8, "url": "https://cwiki.apache.org/confluence/display/WW/S2-021" }, { "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2", "trust": 0.8, "url": "http://struts.apache.org/download.cgi#struts23162" }, { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "struts-2.3.16.2-all", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668" }, { "title": "Red Hat: CVE-2014-0113", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 2.0, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.7, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113" }, { "trust": 0.3, "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc" }, { "trust": 0.3, "url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02" }, { "trust": 0.3, "url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893" }, { "trust": 0.3, "url": "http://struts.apache.org/development/2.x/docs/s2-021.html" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://github.com/victims/maven-security-versions" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/33142/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0113" }, { "db": "BID", "id": "67081" }, { "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "db": "CNNVD", "id": "CNNVD-201404-570" }, { "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2014-04-28T00:00:00", "db": "BID", "id": "67081" }, { "date": "2014-04-30T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2014-04-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" }, { "date": "2014-04-29T10:37:03.700000", "db": "NVD", "id": "CVE-2014-0113" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0113" }, { "date": "2015-05-07T17:38:00", "db": "BID", "id": "67081" }, { "date": "2016-08-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002269" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-570" }, { "date": "2024-11-21T02:01:23.837000", "db": "NVD", "id": "CVE-2014-0113" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts of CookieInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002269" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-570" } ], "trust": 0.6 } }
var-202002-0484
Vulnerability from variot
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. Interstage and Systemwalker Related products etc. TLS For operation TLS Multiple product vulnerabilities related to CVE-2019-13163 ) Exists.A man-in-the-middle attacker between the server and the client could break the encrypted communication
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0484", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "sparc enterprise m8000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.1" }, { "model": "systemwalker software configuration manager express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.6.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.2a" }, { "model": "primergy rx4770 m5", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "granpower 5000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.0" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.0.0" }, { "model": "safeauthor", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.4" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.2.0e" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.6.1" }, { "model": "systemwalker security control", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0.0a" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.4.1" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.8.0e" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.6.0" }, { "model": "sparc enterprise m9000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.2.0e" }, { "model": "sparc enterprise m4000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0l10" }, { "model": "sparc m12-2", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "primergy tx2550 m5", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0a" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.2.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0e" }, { "model": "triole cloud middle set b set", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.2.0" }, { "model": "interstage web server express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.1" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3" }, { "model": "linkexpress", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "5.0l21" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.8.0a" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3a" }, { "model": "interstage job workload server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.1.1" }, { "model": "triole cloud middle set b set", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.1.2" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1a" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.0a" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.3.0" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.1.0" }, { "model": "primepower", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "systemwalker runbook automation v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.1.0a" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.9.1" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.0.0" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3e" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.4.1a" }, { "model": "sparc m12-1", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "linkexpress", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "5.0l20" }, { "model": "sparc m12-2s", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "triole cloud middle set b set", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0.0" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.1.1" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.0" }, { "model": "systemwalker it change manager v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.1.0" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.4.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.0b" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.1.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.1.0" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.1" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.2" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.2.0" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1" }, { "model": "systemwalker security control", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0.0b" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.2.0" }, { "model": "systemwalker software configuration manager express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.5.0a" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.7.0a" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.1.0b" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.0b" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.2" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.2.0" }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0l20" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "systemwalker software configuration manager express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.5.0" }, { "model": "systemwalker software configuration manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.6.0" }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.1" }, { "model": "sparc enterprise m5000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.1a" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.3.0a" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.1a" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.1e" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.0b" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.0.0" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.2" }, { "model": "systemwalker it change manager v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.0.0" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.3.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.2.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.4.0" }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "2.0.1" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.2a" }, { "model": "safeauthor", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.1" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.1" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.0.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.3.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.2.0a" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1b" }, { "model": "systemwalker runbook automation v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.1.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.2" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.0" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.7.0" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.1.0" }, { "model": "interstage web server express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.0.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.1" }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0l21" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3e" }, { "model": "systemwalker it change manager v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.0.0a" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.9.0" }, { "model": "gps", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage web server express", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.0.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.2e" }, { "model": "primergy rx2540 m5", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.2.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.2" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.1b" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.4.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.3.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "primergy rx2530 m5", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager v14g", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "14.1.1" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "16.0.0a" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.2.0" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.0a" }, { "model": "safeauthor", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.3" }, { "model": "triole cloud middle set b set", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.1.0" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.0" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.1" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.0a" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.1.1" }, { "model": "sparc enterprise m3000", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "gp7000f", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.0a" }, { "model": "interstage information integrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.3.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.1.0a" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "16.0.1" }, { "model": "systemwalker software configuration manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.5.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.1.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.1e" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.3" }, { "model": "systemwalker security control", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.0.0" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.0.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.0.0" }, { "model": "linkexpress", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v5.0l20" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.1.2" }, { "model": "interstage application development cycle manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.3.0c" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "16.0.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.1.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.1.0" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.4.0b" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.0e" }, { "model": "systemwalker operation manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "13.8.0" }, { "model": "systemwalker desktop keeper", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1b" }, { "model": "serverview resource orchestrator", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.2.0" }, { "model": "primequest", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "12.1.0" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.1a" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.2.0" }, { "model": "safeauthor", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.6l10" }, { "model": "interstage studio", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.0.0" }, { "model": "triole cloud middle set b set", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "1.1.1" }, { "model": "safeauthor", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "3.0" }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "9.1.0b" }, { "model": "interstage information integrator agent", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "11.3.0" }, { "model": "interstage list works", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "10.2.0" }, { "model": "interstage business application manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "2.0.0" }, { "model": "systemwalker desktop patrol", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.0.0a" }, { "model": "systemwalker runbook automation", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.1.1" }, { "model": "celsius", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "systemwalker software configuration manager", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "15.5.0a" }, { "model": "internet navigware enterprise lms server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage big data complex event processing server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage information integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage information integrator agent", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage mobile application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server express", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "linkexpress", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "safeauthor", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview resource orchestrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware analytics server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "symfoware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker cloud business service management", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop keeper", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop patrol", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker security control", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager express", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "\u30af\u30e9\u30a6\u30c9\u30df\u30c9\u30eb\u30bb\u30c3\u30c8 b\u30bb\u30c3\u30c8" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_Enterprise_LMS_Server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_big_data_complex_event_processing_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_information_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_information_integrator_agent", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_mobile_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:linkexpress", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:safeauthor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview_resource_orchestrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware_analytics_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centric_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_cloud_business_service_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_keeper", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_patrol", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_security_control", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager_expres", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002248" } ] }, "cve": "CVE-2019-13163", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2019-13163", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 4.3, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-002248", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.2, "id": "CVE-2019-13163", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.9, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2020-002248", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2019-13163", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-002248", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202002-237", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2019-13163", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-13163" }, { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "CNNVD", "id": "CNNVD-202002-237" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. Interstage and Systemwalker Related products etc. TLS For operation TLS Multiple product vulnerabilities related to CVE-2019-13163 ) Exists.A man-in-the-middle attacker between the server and the client could break the encrypted communication", "sources": [ { "db": "NVD", "id": "CVE-2019-13163" }, { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "VULMON", "id": "CVE-2019-13163" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2019-13163", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2020-002248", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202002-237", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2019-13163", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-13163" }, { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "CNNVD", "id": "CNNVD-202002-237" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "id": "VAR-202002-0484", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-11-23T22:58:22.297000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Interstage\u3084Systemwalker\u95a2\u9023\u88fd\u54c1: TLS\u306b\u95a2\u3059\u308b\u8907\u6570\u88fd\u54c1\u306e\u8106\u5f31\u6027\uff08CVE-2019-13163\uff09(2020\u5e743\u670812\u65e5)", "trust": 0.8, "url": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html" }, { "title": "Multiple Fujitsu Product encryption problem vulnerabilities", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=111554" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "CNNVD", "id": "CNNVD-202002-237" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-326", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13163" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13163" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/326.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2019-13163" }, { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "CNNVD", "id": "CNNVD-202002-237" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2019-13163" }, { "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "db": "CNNVD", "id": "CNNVD-202002-237" }, { "db": "NVD", "id": "CVE-2019-13163" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-07T00:00:00", "db": "VULMON", "id": "CVE-2019-13163" }, { "date": "2020-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "date": "2020-02-07T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-237" }, { "date": "2020-02-07T23:15:09.933000", "db": "NVD", "id": "CVE-2019-13163" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-02-27T00:00:00", "db": "VULMON", "id": "CVE-2019-13163" }, { "date": "2020-03-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-002248" }, { "date": "2023-05-17T00:00:00", "db": "CNNVD", "id": "CNNVD-202002-237" }, { "date": "2024-11-21T04:24:19.820000", "db": "NVD", "id": "CVE-2019-13163" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-237" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Interstage and Systemwalker Related product : TLS Vulnerabilities of multiple products in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-002248" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-202002-237" } ], "trust": 0.6 } }
var-201108-0132
Vulnerability from variot
The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the 'Range' header and the 'Range-Request' header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. Apache HTTPD The server has a service disruption (DoS) Vulnerabilities exist. Apache HTTPD The server Range Header and Request-Range There is a problem with header processing, and service operation is interrupted. (DoS) Vulnerabilities exist. Attacks using this vulnerability have been observed. Also, "Apache Killer" The attack tool called is released. Apache The advisory states that: "Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100's of times in a single request. Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal 'bucket brigades' deal with serving such "valid" request. The problem is that currently such requests internally explode into 100's of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. And by weeding out or simplifying requests deemed too unwieldy."Service disruption by a remote third party (DoS) There is a possibility of being attacked. ----------------------------------------------------------------------
The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242
TITLE: Hitachi Web Server ByteRange Filter Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA45865
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45865
RELEASE DATE: 2011-09-05
DISCUSS ADVISORY: http://secunia.com/advisories/45865/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/45865/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=45865
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Summary:
Updated httpd packages that fix one security issue are now available for Red Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and 6.0 Extended Update Support.
The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64 Red Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64
- (CVE-2011-3192)
All httpd users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
732928 - CVE-2011-3192 httpd: multiple ranges DoS
- Package List:
Red Hat Enterprise Linux (v. 5.3.LL server):
Source: httpd-2.2.3-22.el5_3.3.src.rpm
i386: httpd-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-manual-2.2.3-22.el5_3.3.i386.rpm mod_ssl-2.2.3-22.el5_3.3.i386.rpm
ia64: httpd-2.2.3-22.el5_3.3.ia64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm httpd-devel-2.2.3-22.el5_3.3.ia64.rpm httpd-manual-2.2.3-22.el5_3.3.ia64.rpm mod_ssl-2.2.3-22.el5_3.3.ia64.rpm
x86_64: httpd-2.2.3-22.el5_3.3.x86_64.rpm httpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm httpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm httpd-devel-2.2.3-22.el5_3.3.i386.rpm httpd-devel-2.2.3-22.el5_3.3.x86_64.rpm httpd-manual-2.2.3-22.el5_3.3.x86_64.rpm mod_ssl-2.2.3-22.el5_3.3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: httpd-2.2.3-45.el5_6.2.src.rpm
i386: httpd-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-manual-2.2.3-45.el5_6.2.i386.rpm mod_ssl-2.2.3-45.el5_6.2.i386.rpm
ia64: httpd-2.2.3-45.el5_6.2.ia64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm httpd-devel-2.2.3-45.el5_6.2.ia64.rpm httpd-manual-2.2.3-45.el5_6.2.ia64.rpm mod_ssl-2.2.3-45.el5_6.2.ia64.rpm
ppc: httpd-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm httpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm httpd-devel-2.2.3-45.el5_6.2.ppc.rpm httpd-devel-2.2.3-45.el5_6.2.ppc64.rpm httpd-manual-2.2.3-45.el5_6.2.ppc.rpm mod_ssl-2.2.3-45.el5_6.2.ppc.rpm
s390x: httpd-2.2.3-45.el5_6.2.s390x.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm httpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm httpd-devel-2.2.3-45.el5_6.2.s390.rpm httpd-devel-2.2.3-45.el5_6.2.s390x.rpm httpd-manual-2.2.3-45.el5_6.2.s390x.rpm mod_ssl-2.2.3-45.el5_6.2.s390x.rpm
x86_64: httpd-2.2.3-45.el5_6.2.x86_64.rpm httpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm httpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm httpd-devel-2.2.3-45.el5_6.2.i386.rpm httpd-devel-2.2.3-45.el5_6.2.x86_64.rpm httpd-manual-2.2.3-45.el5_6.2.x86_64.rpm mod_ssl-2.2.3-45.el5_6.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6.0.z):
Source: httpd-2.2.15-5.el6_0.1.src.rpm
i386: httpd-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-tools-2.2.15-5.el6_0.1.i686.rpm mod_ssl-2.2.15-5.el6_0.1.i686.rpm
noarch: httpd-manual-2.2.15-5.el6_0.1.noarch.rpm
ppc64: httpd-2.2.15-5.el6_0.1.ppc64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm httpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm httpd-devel-2.2.15-5.el6_0.1.ppc.rpm httpd-devel-2.2.15-5.el6_0.1.ppc64.rpm httpd-tools-2.2.15-5.el6_0.1.ppc64.rpm mod_ssl-2.2.15-5.el6_0.1.ppc64.rpm
s390x: httpd-2.2.15-5.el6_0.1.s390x.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm httpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm httpd-devel-2.2.15-5.el6_0.1.s390.rpm httpd-devel-2.2.15-5.el6_0.1.s390x.rpm httpd-tools-2.2.15-5.el6_0.1.s390x.rpm mod_ssl-2.2.15-5.el6_0.1.s390x.rpm
x86_64: httpd-2.2.15-5.el6_0.1.x86_64.rpm httpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm httpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm httpd-devel-2.2.15-5.el6_0.1.i686.rpm httpd-devel-2.2.15-5.el6_0.1.x86_64.rpm httpd-tools-2.2.15-5.el6_0.1.x86_64.rpm mod_ssl-2.2.15-5.el6_0.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3192.html https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2011 Red Hat, Inc. This update fixes this bug. This issue only affects the Debian 5.0 oldstable/lenny distribution.
The regression has been fixed in the following packages:
For the oldstable distribution (lenny), this problem has been fixed in version 2.2.9-10+lenny11.
For the stable distribution (squeeze), this problem has been fixed in version 2.2.16-6+squeeze3.
For the testing distribution (wheezy), this problem will be fixed in version 2.2.20-1.
For the unstable distribution (sid), this problem has been fixed in version 2.2.20-1.
We recommend that you upgrade your apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny6. In the stable distribution, apache2-mpm-itk has the same version number as apache2. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02997184 Version: 2
HPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-09-08 Last Updated: 2011-09-08
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified with HP-UX Apache Web Server.
References: CVE-2011-3192, CVE-2011-0419
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier HP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
This bulletin will be revised when additional information becomes available.
HP has provided the following software update to resolve these vulnerabilities.
The update is available for download from the following location ftp://srt10606:P2xg=AD5@ftp.usa.hp.com or https://ftp.usa.hp.com/hprc/home with username srt10606 and password P2xg=AD5
HP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08 HP-UX 11i Release / Apache Depot name
B.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
B.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
HP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier HP-UX 11i Release / Apache Depot name
B.11.11 / Use work around suggested below B.11.23 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18 B.11.31 (32 & 64-bit) / No longer supported. Upgrade to WSS v 3.18
Alternatives to Installing the Preliminary Patch The Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. Note: that no patch is available for Apache 2.0.64.01.
2) Limit the size of the request field to a few hundred bytes.
3) Use mod_headers to completely disallow the use of Range headers.
Please refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e
MANUAL ACTIONS: Yes - Update Install HP-UX Web Server Suite v3.18 or subsequent.
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check.
It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX Web Server Suite v3.18 HP-UX B.11.23 HP-UX B.11.31 ================== hpuxws22APCH32.APACHE hpuxws22APCH32.APACHE2 hpuxws22APCH32.AUTH_LDAP hpuxws22APCH32.AUTH_LDAP2 hpuxws22APCH32.MOD_JK hpuxws22APCH32.MOD_JK2 hpuxws22APCH32.MOD_PERL hpuxws22APCH32.MOD_PERL2 hpuxws22APCH32.PHP hpuxws22APCH32.PHP2 hpuxws22APCH32.WEBPROXY hpuxws22APCH32.WEBPROXY2 hpuxws22APACHE.APACHE hpuxws22APACHE.APACHE2 hpuxws22APACHE.AUTH_LDAP hpuxws22APACHE.AUTH_LDAP2 hpuxws22APACHE.MOD_JK hpuxws22APACHE.MOD_JK2 hpuxws22APACHE.MOD_PERL hpuxws22APACHE.MOD_PERL2 hpuxws22APACHE.PHP hpuxws22APACHE.PHP2 hpuxws22APACHE.WEBPROXY hpuxws22APACHE.WEBPROXY2 action: install revision B.2.2.15.08 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) - 8 September 2011 Initial release Version:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp aWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C =MTc6 -----END PGP SIGNATURE----- . Enjoy!
- apache has been upgraded to the latest version (2.2.21) for 2011
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192
Updated Packages:
Mandriva Linux 2011: 5c4825e4c63b4a06c68a5fd81517de71 2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm b5a00191b27804f9735643cdcd704b19 2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm 49defd7efbb4a37ec49c01c7ef9c64aa 2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm a023e40689777630df036eae1a84a475 2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm f03744bb74a3e0872cb08465799c3ee1 2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm bb9efa66089deef66f9434b813d41a95 2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm bb334eb7fe43927ba7c6c9196b4e1fd1 2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm 086b5ed82c064b16964fff70bf9c841e 2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm 115008b2471e10ea01689dafe5c46bcd 2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm 6b686ec6612ff8740d1e482faa06c544 2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm 8c8f14074bc0dbbeb2b3890611f95c6b 2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm b03569edc20c9393e0b5eea09f590368 2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm 343703d3822a6757e000edeebe7e0a06 2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm 3457011403525d40e525716c4da8e477 2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm 3d060145b3665ca4c0b309f812af9370 2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm a0e00b0610eb5a8c5c57afabeafc07f8 2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm dd4bb38bbc2997ca398fb37225eca371 2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm 2966cdfddf02fa32447711af6a3046dd 2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm 48774d9c282dc476f35a0c8b2e821a7f 2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm 7b832f85bd258abf0c7abb161f4028b4 2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm 1c6b93eaa5b27477989bf82ea9a63685 2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm 1e7dc0ee3fafae8a786be0cc164ebe4a 2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm ab2d074f2dfe57a64b022d4e6b8254ab 2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm a22debf09366b64e236965a4091009e9 2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm 174aed4327491b83f147f3b4e76bcd1f 2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm e141881c27496e7e74ad7f3f566a1bd2 2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm 97893069a3d6eb73e3773bc0ee78c9a4 2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm fe530e2da15b3e0bf14c617824ff82c9 2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
Mandriva Linux 2011/X86_64: 8837c56966896e10d3403956e7cf86ac 2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm aec6da25319585e53623471734f99c57 2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm e8600455214ad4f2303d9f36576e4952 2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm 90694f3211fca3d436ec4130b8bb43e2 2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm fd3f6a51c8abf8b1ff8356489ba6d6e1 2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm 796c8129bbc160455587bc54c58c2220 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 61add54b6e0c8306dff065a150b262e2 2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm cb98169c29008c256662f3a08141bf95 2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm 5aa03ee54a7e40d41fd746fd1a223c72 2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm 386a956f014fe2d64dfe38fc261abd39 2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm 5a473bc45fa59323c4d526dd4f5a30d3 2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm aaa544f7a4912c161a2c73e222ae87d6 2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm f04054edc62a24ea9042c5b41074bd1d 2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm 1c97f63c1169f483d086a94b97f5c421 2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm ca912c34fec5cf470947a7f87e9705a4 2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm b5ae70a8ed412e40275b4de7b639caa0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm 6b11b032c13277712c336405ea23a8b0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm 874a420342f1ea9278e014b79fe5a337 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm 2757b3d7c8261563e22c41d3f94aaa29 2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm 6edbc6963aab9beee507f9a3c8be38a2 2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm fe6143eaa1acc0de751198ea19129279 2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm 3e66fa1e1e2cf243c1c6472243cb86fe 2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d45bfd7d3aa87d45d2287fdd9507847 2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm bce9e2cdffe45cbc4baf72f0d0c4000e 2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm 217bd96dfa802f7d049b6fd12600b154 2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm cc304b9011d16d7f3cf5c8250e4d9f18 2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm a8bb9b62c39f98a6df728d51a4fff39a 2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm 7d41c857be2574ac5f3ea7090a1f3c78 2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . HP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris.
Apache-2.2.21.tar.gz is available using ftp.
Host Account Password
ftp.usa.hp.com sb02704 Secure12
After downloading Apache-2.2.21.tar.gz optionally verify the SHA1 check sum: SHA1(Apache-2.2.21.tar)= 642721cac9a7c4d1e8e6033a5198071bbdd54840 SHA1(Apache-2.2.21.tar.gz)= 87d0c04be6dd06b52f1b9c7c645ce39fad117a08
The Apache-2.2.21.tar archive contains a README.txt file with installation instructions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201108-0132", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.0.65" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "8.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "11.04" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.2.0" }, { "model": "http server", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.2.20" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.04" }, { "model": "linux enterprise server", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "11" }, { "model": "linux enterprise software development kit", "scope": "eq", "trust": 1.0, "vendor": "suse", "version": "10" }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.35" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.3" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "10.10" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "11.4" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache http server", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "mandriva s a", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "1.3 system" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.x system" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "1.3" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "2.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and v10.7.1" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7 and v10.7.1" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g release 2 version 10.1.2.3" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g release 3 version 10.1.3.5" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.3" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.4" }, { "model": "fusion middleware", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11g release 1 11.1.1.5" }, { "model": "secure backup", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.3.0.3" }, { "model": "secure backup", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.4.0.1" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10" }, { "model": "solaris", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11 express" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "5.5.06" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.0" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "supply chain products suite", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.2" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0 (x86-64)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "4.0 (x86-64)" }, { "model": "hp secure web server for openvms", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "v2.2" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "v3.19" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "pro v2 v.2.2.5.0" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.2.5.0" }, { "model": "ridoc document router", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v4 v.4.0.6.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "ep v1 / v1 type h v.1.0.6.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "ep v2 / v2 type h v.2.0.5.0" }, { "model": "ridoc document server", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.2.4.0" }, { "model": "ridoc document system", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "image log options v1 v.1.1.5.0" }, { "model": "ridoc io operationserver", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "pro / device operation management utility is02.09.00" }, { "model": "ridoc web navigator", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "lt v.1.0.6.0" }, { "model": "ridoc web navigator", "scope": "lt", "trust": 0.8, "vendor": "ricoh", "version": "v3 v.3.3.8.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (as)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (es)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 (ws)" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.0" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux els", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "3" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.6.z (server)" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 5.3 server)" }, { "model": "enterprise linux long life", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "(v. 5.6 server)" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.0.z" }, { "model": "enterprise linux server eus", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6.1.z" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/faq navigator" }, { "model": "csview", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "/web questionnaire" }, { "model": "pasolink nms", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v4.1 to v6.5" }, { "model": "webotx", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "web edition v4.1 to v6.5" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "enterprise v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "express v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "foundation v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard v8.2 to v8.4" }, { "model": "webotx application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard-j edition v7.1 to v8.1" }, { "model": "webotx enterprise service bus", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v6.4 to v8.4" }, { "model": "webotx portal", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "v8.2 to v8.3" }, { "model": "webotx sip application server", "scope": "eq", "trust": 0.8, "vendor": "nec", "version": "standard edition v7.1 to v8.1" }, { "model": "groupmax collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "hirdb realtime monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "web server", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "job management partner 1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management partner 1/performance management - web console", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "( overseas edition )" }, { "model": "jp1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/cm2/snmp system observer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand device manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand provisioning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "jp1/it resource management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/it service level management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager web option" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console" }, { "model": "jp1/serverconductor/control manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - authoring license" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - user license" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- application framework" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer client set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional library set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional set" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:http_server", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:fusion_middleware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:secure_backup", "vulnerable": true }, { "cpe22Uri": "cpe:/o:oracle:solaris", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:supply_chain_products_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:secure_web_server_for_open_vms", "vulnerable": true }, { "cpe22Uri": "cpe:/o:hp:hp-ux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:hp-ux_web_server_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_router", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_document_system", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_io_operationserver", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ricoh:ridoc_web_navigator", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_desktop", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_els", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_hpc_node", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_long_life", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_eus", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:enterprise_linux_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/o:redhat:rhel_desktop_workstation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:csview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:pasolink_nms", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_enterprise_service_bus", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_portal", "vulnerable": true }, { "cpe22Uri": "cpe:/a:nec:webotx_sip_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:groupmax_collaboration", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_realtime_monitor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:global_link_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_analyzer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:it_operations_director", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:replication_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_automatic_job_management_system_3", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_2", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_automatic_job_management_system_3", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_cm2_snmp_system_observer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_device_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_provisioning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_replication_monitor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_tiered_storage_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1-hicommand_tuning_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_integrated_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_resource_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_it_service_level_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_performance_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:jp1_serverconductor_control_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_collaboration", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_navigation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_stream_data_platform", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:electronic_form_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centric_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002172" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "106557" } ], "trust": 0.4 }, "cve": "CVE-2011-3192", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-3192", "impactScore": 6.9, "integrityImpact": "NONE", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-3192", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#405811", "trust": 0.8, "value": "16.01" }, { "author": "NVD", "id": "CVE-2011-3192", "trust": 0.8, "value": "High" }, { "author": "VULMON", "id": "CVE-2011-3192", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. Both the \u0027Range\u0027 header and the \u0027Range-Request\u0027 header are vulnerable. The attack tool causes a significant increase in CPU and memory usage on the server. Apache HTTPD The server has a service disruption (DoS) Vulnerabilities exist. Apache HTTPD The server Range Header and Request-Range There is a problem with header processing, and service operation is interrupted. (DoS) Vulnerabilities exist. Attacks using this vulnerability have been observed. Also, \"Apache Killer\" The attack tool called is released. Apache The advisory states that: \"Background and the 2007 report There are two aspects to this vulnerability. One is new, is Apache specific; and resolved with this server side fix. The other issue is fundamentally a protocol design issue dating back to 2007: http://seclists.org/bugtraq/2007/Jan/83 The contemporary interpretation of the HTTP protocol (currently) requires a server to return multiple (overlapping) ranges; in the order requested. This means that one can request a very large range (e.g. from byte 0- to the end) 100\u0027s of times in a single request. Being able to do so is an issue for (probably all) webservers and currently subject of an IETF discussion to change the protocol: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 This advisory details a problem with how Apache httpd and its so called internal \u0027bucket brigades\u0027 deal with serving such \"valid\" request. The problem is that currently such requests internally explode into 100\u0027s of large fetches, all of which are kept in memory in an inefficient way. This is being addressed in two ways. By making things more efficient. And by weeding out or simplifying requests deemed too unwieldy.\"Service disruption by a remote third party (DoS) There is a possibility of being attacked. ----------------------------------------------------------------------\n\nThe Secunia CSI 5.0 Beta - now available for testing\nFind out more, take a free test drive, and share your opinion with us: \nhttp://secunia.com/blog/242 \n\n----------------------------------------------------------------------\n\nTITLE:\nHitachi Web Server ByteRange Filter Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA45865\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45865/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nRELEASE DATE:\n2011-09-05\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45865/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45865/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nHitachi has acknowledged a vulnerability in Hitachi Web Server, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nORIGINAL ADVISORY:\nHitachi (Japanese):\nhttp://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Summary:\n\nUpdated httpd packages that fix one security issue are now available for\nRed Hat Enterprise Linux 5.3 Long Life, 5.6 Extended Update Support, and\n6.0 Extended Update Support. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from the\nCVE link in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64\nRed Hat Enterprise Linux (v. 5.3.LL server) - i386, ia64, x86_64\nRed Hat Enterprise Linux Server (v. 6.0.z) - i386, noarch, ppc64, s390x, x86_64\n\n3. (CVE-2011-3192)\n\nAll httpd users should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. After installing the updated\npackages, the httpd daemon must be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n732928 - CVE-2011-3192 httpd: multiple ranges DoS\n\n6. Package List:\n\nRed Hat Enterprise Linux (v. 5.3.LL server):\n\nSource:\nhttpd-2.2.3-22.el5_3.3.src.rpm\n\ni386:\nhttpd-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-manual-2.2.3-22.el5_3.3.i386.rpm\nmod_ssl-2.2.3-22.el5_3.3.i386.rpm\n\nia64:\nhttpd-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.ia64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.ia64.rpm\nmod_ssl-2.2.3-22.el5_3.3.ia64.rpm\n\nx86_64:\nhttpd-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.i386.rpm\nhttpd-debuginfo-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-devel-2.2.3-22.el5_3.3.i386.rpm\nhttpd-devel-2.2.3-22.el5_3.3.x86_64.rpm\nhttpd-manual-2.2.3-22.el5_3.3.x86_64.rpm\nmod_ssl-2.2.3-22.el5_3.3.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nhttpd-2.2.3-45.el5_6.2.src.rpm\n\ni386:\nhttpd-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-manual-2.2.3-45.el5_6.2.i386.rpm\nmod_ssl-2.2.3-45.el5_6.2.i386.rpm\n\nia64:\nhttpd-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ia64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ia64.rpm\nmod_ssl-2.2.3-45.el5_6.2.ia64.rpm\n\nppc:\nhttpd-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc.rpm\nhttpd-devel-2.2.3-45.el5_6.2.ppc64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.ppc.rpm\nmod_ssl-2.2.3-45.el5_6.2.ppc.rpm\n\ns390x:\nhttpd-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390.rpm\nhttpd-devel-2.2.3-45.el5_6.2.s390x.rpm\nhttpd-manual-2.2.3-45.el5_6.2.s390x.rpm\nmod_ssl-2.2.3-45.el5_6.2.s390x.rpm\n\nx86_64:\nhttpd-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.i386.rpm\nhttpd-debuginfo-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-devel-2.2.3-45.el5_6.2.i386.rpm\nhttpd-devel-2.2.3-45.el5_6.2.x86_64.rpm\nhttpd-manual-2.2.3-45.el5_6.2.x86_64.rpm\nmod_ssl-2.2.3-45.el5_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 6.0.z):\n\nSource:\nhttpd-2.2.15-5.el6_0.1.src.rpm\n\ni386:\nhttpd-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-tools-2.2.15-5.el6_0.1.i686.rpm\nmod_ssl-2.2.15-5.el6_0.1.i686.rpm\n\nnoarch:\nhttpd-manual-2.2.15-5.el6_0.1.noarch.rpm\n\nppc64:\nhttpd-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc.rpm\nhttpd-devel-2.2.15-5.el6_0.1.ppc64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.ppc64.rpm\nmod_ssl-2.2.15-5.el6_0.1.ppc64.rpm\n\ns390x:\nhttpd-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390.rpm\nhttpd-devel-2.2.15-5.el6_0.1.s390x.rpm\nhttpd-tools-2.2.15-5.el6_0.1.s390x.rpm\nmod_ssl-2.2.15-5.el6_0.1.s390x.rpm\n\nx86_64:\nhttpd-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.i686.rpm\nhttpd-debuginfo-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-devel-2.2.15-5.el6_0.1.i686.rpm\nhttpd-devel-2.2.15-5.el6_0.1.x86_64.rpm\nhttpd-tools-2.2.15-5.el6_0.1.x86_64.rpm\nmod_ssl-2.2.15-5.el6_0.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3192.html\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2011 Red Hat, Inc. This update fixes this bug. This issue only\naffects the Debian 5.0 oldstable/lenny distribution. \n\n\nThe regression has been fixed in the following packages:\n\nFor the oldstable distribution (lenny), this problem has been fixed\nin version 2.2.9-10+lenny11. \n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.2.16-6+squeeze3. \n\nFor the testing distribution (wheezy), this problem will be fixed in\nversion 2.2.20-1. \n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.2.20-1. \n\nWe recommend that you upgrade your apache2 packages. The new version\nnumber for the oldstable distribution is 2.2.6-02-1+lenny6. In the\nstable distribution, apache2-mpm-itk has the same version number as\napache2. \nHP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02997184\nVersion: 2\n\nHPSBUX02702 SSRT100606 rev.2 - HP-UX Apache Web Server, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-09-08\nLast Updated: 2011-09-08\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified with HP-UX Apache Web Server. \n\nReferences: CVE-2011-3192, CVE-2011-0419\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP-UX Apache Web Server Suite v3.17 containing Apache v2.2.15.07 or earlier\nHP-UX B.11.11 running HP-UX Apache Web Server Suite v2.33 containing Apache v2.0.64.01 or earlier\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\nCVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nThis bulletin will be revised when additional information becomes available. \n\nHP has provided the following software update to resolve these vulnerabilities. \n\nThe update is available for download from the following location\nftp://srt10606:P2xg=AD5@ftp.usa.hp.com\nor\nhttps://ftp.usa.hp.com/hprc/home with\nusername srt10606 and password P2xg=AD5\n\nHP-UX Web Server Suite (WSS) v.3.18 containing Apache v2.2.15.08\nHP-UX 11i Release / Apache Depot name\n\nB.11.23 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.23 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nB.11.31 (32-bit) / Apache-CVE-2011-3192-Fix-IA-PA-32.depot\nB.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot\n\nHP-UX Web Server Suite (WSS) v.2.33 containing Apache v2.0.64.01 and earlier\nHP-UX 11i Release / Apache Depot name\n\nB.11.11 / Use work around suggested below\nB.11.23 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\nB.11.31 (32 \u0026 64-bit) / No longer supported. Upgrade to WSS v 3.18\n\nAlternatives to Installing the Preliminary Patch\nThe Apache Software Foundation has documented work arounds. For customers not wanting to install the preliminary patch, the following are recommended. \nNote: that no patch is available for Apache 2.0.64.01. \n\n2) Limit the size of the request field to a few hundred bytes. \n\n3) Use mod_headers to completely disallow the use of Range headers. \n\nPlease refer to the Apache advisory for details. http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348F82@minotaur.apache.org%3e\n\nMANUAL ACTIONS: Yes - Update\nInstall HP-UX Web Server Suite v3.18 or subsequent. \n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. \n\nIt analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX Web Server Suite v3.18\nHP-UX B.11.23\nHP-UX B.11.31\n==================\nhpuxws22APCH32.APACHE\nhpuxws22APCH32.APACHE2\nhpuxws22APCH32.AUTH_LDAP\nhpuxws22APCH32.AUTH_LDAP2\nhpuxws22APCH32.MOD_JK\nhpuxws22APCH32.MOD_JK2\nhpuxws22APCH32.MOD_PERL\nhpuxws22APCH32.MOD_PERL2\nhpuxws22APCH32.PHP\nhpuxws22APCH32.PHP2\nhpuxws22APCH32.WEBPROXY\nhpuxws22APCH32.WEBPROXY2\nhpuxws22APACHE.APACHE\nhpuxws22APACHE.APACHE2\nhpuxws22APACHE.AUTH_LDAP\nhpuxws22APACHE.AUTH_LDAP2\nhpuxws22APACHE.MOD_JK\nhpuxws22APACHE.MOD_JK2\nhpuxws22APACHE.MOD_PERL\nhpuxws22APACHE.MOD_PERL2\nhpuxws22APACHE.PHP\nhpuxws22APACHE.PHP2\nhpuxws22APACHE.WEBPROXY\nhpuxws22APACHE.WEBPROXY2\naction: install revision B.2.2.15.08 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) - 8 September 2011 Initial release\nVersion:2 (rev.2) - 8 September 2011 Updated affectivity, recommendations, typos\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02964430\n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk5pPZoACgkQ4B86/C0qfVn5nwCg/w2MOkbP7d5Xp4fAyX4zAOdp\naWQAoJoKZs8qDHYIVa41KgH1ANkNQI3C\n=MTc6\n-----END PGP SIGNATURE-----\n. Enjoy!\n \n * apache has been upgraded to the latest version (2.2.21) for 2011\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2011:\n 5c4825e4c63b4a06c68a5fd81517de71 2011/i586/apache-base-2.2.21-0.1-mdv2011.0.i586.rpm\n b5a00191b27804f9735643cdcd704b19 2011/i586/apache-conf-2.2.21-0.1-mdv2011.0.i586.rpm\n 49defd7efbb4a37ec49c01c7ef9c64aa 2011/i586/apache-devel-2.2.21-0.1-mdv2011.0.i586.rpm\n a023e40689777630df036eae1a84a475 2011/i586/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n f03744bb74a3e0872cb08465799c3ee1 2011/i586/apache-htcacheclean-2.2.21-0.1-mdv2011.0.i586.rpm\n bb9efa66089deef66f9434b813d41a95 2011/i586/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n bb334eb7fe43927ba7c6c9196b4e1fd1 2011/i586/apache-mod_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 086b5ed82c064b16964fff70bf9c841e 2011/i586/apache-mod_dav-2.2.21-0.1-mdv2011.0.i586.rpm\n 115008b2471e10ea01689dafe5c46bcd 2011/i586/apache-mod_dbd-2.2.21-0.1-mdv2011.0.i586.rpm\n 6b686ec6612ff8740d1e482faa06c544 2011/i586/apache-mod_deflate-2.2.21-0.1-mdv2011.0.i586.rpm\n 8c8f14074bc0dbbeb2b3890611f95c6b 2011/i586/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n b03569edc20c9393e0b5eea09f590368 2011/i586/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 343703d3822a6757e000edeebe7e0a06 2011/i586/apache-mod_ldap-2.2.21-0.1-mdv2011.0.i586.rpm\n 3457011403525d40e525716c4da8e477 2011/i586/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.i586.rpm\n 3d060145b3665ca4c0b309f812af9370 2011/i586/apache-mod_proxy-2.2.21-0.1-mdv2011.0.i586.rpm\n a0e00b0610eb5a8c5c57afabeafc07f8 2011/i586/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.i586.rpm\n dd4bb38bbc2997ca398fb37225eca371 2011/i586/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.i586.rpm\n 2966cdfddf02fa32447711af6a3046dd 2011/i586/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.i586.rpm\n 48774d9c282dc476f35a0c8b2e821a7f 2011/i586/apache-mod_ssl-2.2.21-0.1-mdv2011.0.i586.rpm\n 7b832f85bd258abf0c7abb161f4028b4 2011/i586/apache-mod_suexec-2.2.21-0.1-mdv2011.0.i586.rpm\n 1c6b93eaa5b27477989bf82ea9a63685 2011/i586/apache-modules-2.2.21-0.1-mdv2011.0.i586.rpm\n 1e7dc0ee3fafae8a786be0cc164ebe4a 2011/i586/apache-mod_userdir-2.2.21-0.1-mdv2011.0.i586.rpm\n ab2d074f2dfe57a64b022d4e6b8254ab 2011/i586/apache-mpm-event-2.2.21-0.1-mdv2011.0.i586.rpm\n a22debf09366b64e236965a4091009e9 2011/i586/apache-mpm-itk-2.2.21-0.1-mdv2011.0.i586.rpm\n 174aed4327491b83f147f3b4e76bcd1f 2011/i586/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.i586.rpm\n e141881c27496e7e74ad7f3f566a1bd2 2011/i586/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.i586.rpm\n 97893069a3d6eb73e3773bc0ee78c9a4 2011/i586/apache-mpm-worker-2.2.21-0.1-mdv2011.0.i586.rpm\n fe530e2da15b3e0bf14c617824ff82c9 2011/i586/apache-source-2.2.21-0.1-mdv2011.0.i586.rpm \n 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n\n Mandriva Linux 2011/X86_64:\n 8837c56966896e10d3403956e7cf86ac 2011/x86_64/apache-base-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aec6da25319585e53623471734f99c57 2011/x86_64/apache-conf-2.2.21-0.1-mdv2011.0.x86_64.rpm\n e8600455214ad4f2303d9f36576e4952 2011/x86_64/apache-devel-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 90694f3211fca3d436ec4130b8bb43e2 2011/x86_64/apache-doc-2.2.21-0.1-mdv2011.0.noarch.rpm\n fd3f6a51c8abf8b1ff8356489ba6d6e1 2011/x86_64/apache-htcacheclean-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 796c8129bbc160455587bc54c58c2220 2011/x86_64/apache-mod_authn_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 61add54b6e0c8306dff065a150b262e2 2011/x86_64/apache-mod_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n cb98169c29008c256662f3a08141bf95 2011/x86_64/apache-mod_dav-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5aa03ee54a7e40d41fd746fd1a223c72 2011/x86_64/apache-mod_dbd-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 386a956f014fe2d64dfe38fc261abd39 2011/x86_64/apache-mod_deflate-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 5a473bc45fa59323c4d526dd4f5a30d3 2011/x86_64/apache-mod_disk_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n aaa544f7a4912c161a2c73e222ae87d6 2011/x86_64/apache-mod_file_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n f04054edc62a24ea9042c5b41074bd1d 2011/x86_64/apache-mod_ldap-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 1c97f63c1169f483d086a94b97f5c421 2011/x86_64/apache-mod_mem_cache-2.2.21-0.1-mdv2011.0.x86_64.rpm\n ca912c34fec5cf470947a7f87e9705a4 2011/x86_64/apache-mod_proxy-2.2.21-0.1-mdv2011.0.x86_64.rpm\n b5ae70a8ed412e40275b4de7b639caa0 2011/x86_64/apache-mod_proxy_ajp-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6b11b032c13277712c336405ea23a8b0 2011/x86_64/apache-mod_proxy_scgi-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 874a420342f1ea9278e014b79fe5a337 2011/x86_64/apache-mod_reqtimeout-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 2757b3d7c8261563e22c41d3f94aaa29 2011/x86_64/apache-mod_ssl-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 6edbc6963aab9beee507f9a3c8be38a2 2011/x86_64/apache-mod_suexec-2.2.21-0.1-mdv2011.0.x86_64.rpm\n fe6143eaa1acc0de751198ea19129279 2011/x86_64/apache-modules-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 3e66fa1e1e2cf243c1c6472243cb86fe 2011/x86_64/apache-mod_userdir-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d45bfd7d3aa87d45d2287fdd9507847 2011/x86_64/apache-mpm-event-2.2.21-0.1-mdv2011.0.x86_64.rpm\n bce9e2cdffe45cbc4baf72f0d0c4000e 2011/x86_64/apache-mpm-itk-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 217bd96dfa802f7d049b6fd12600b154 2011/x86_64/apache-mpm-peruser-2.2.21-0.1-mdv2011.0.x86_64.rpm\n cc304b9011d16d7f3cf5c8250e4d9f18 2011/x86_64/apache-mpm-prefork-2.2.21-0.1-mdv2011.0.x86_64.rpm\n a8bb9b62c39f98a6df728d51a4fff39a 2011/x86_64/apache-mpm-worker-2.2.21-0.1-mdv2011.0.x86_64.rpm\n 7d41c857be2574ac5f3ea7090a1f3c78 2011/x86_64/apache-source-2.2.21-0.1-mdv2011.0.x86_64.rpm \n 4376094cd799523a1a7666f4e768707d 2011/SRPMS/apache-2.2.21-0.1.src.rpm\n b37e2a1dafb6883a10cefb4140e9635e 2011/SRPMS/apache-conf-2.2.21-0.1.src.rpm\n d83c587ad4d56a31362f67334bbf9455 2011/SRPMS/apache-doc-2.2.21-0.1.src.rpm\n 0b4a145fd5ff8c11a53956f750cdbd42 2011/SRPMS/apache-mod_suexec-2.2.21-0.1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \nHP OpenView Network Node Manager (OV NNM) v7.53 running on HP-UX, Linux, and Solaris. \n\nApache-2.2.21.tar.gz is available using ftp. \n\nHost\n Account\n Password\n\nftp.usa.hp.com\n sb02704\n Secure12\n\nAfter downloading Apache-2.2.21.tar.gz optionally verify the SHA1 check sum:\nSHA1(Apache-2.2.21.tar)= 642721cac9a7c4d1e8e6033a5198071bbdd54840\nSHA1(Apache-2.2.21.tar.gz)= 87d0c04be6dd06b52f1b9c7c645ce39fad117a08\n\nThe Apache-2.2.21.tar archive contains a README.txt file with installation instructions", "sources": [ { "db": "NVD", "id": "CVE-2011-3192" }, { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" } ], "trust": 3.33 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=17696", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3192" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-3192", "trust": 2.8 }, { "db": "CERT/CC", "id": "VU#405811", "trust": 2.6 }, { "db": "BID", "id": "49303", "trust": 1.8 }, { "db": "SECUNIA", "id": "45606", "trust": 1.8 }, { "db": "SECTRACK", "id": "1025960", "trust": 1.8 }, { "db": "OSVDB", "id": "74721", "trust": 1.8 }, { "db": "SECUNIA", "id": "46000", "trust": 1.0 }, { "db": "SECUNIA", "id": "45937", "trust": 1.0 }, { "db": "SECUNIA", "id": "46125", "trust": 1.0 }, { "db": "SECUNIA", "id": "46126", "trust": 1.0 }, { "db": "EXPLOIT-DB", "id": "17696", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-002172", "trust": 0.8 }, { "db": "SECUNIA", "id": "45865", "trust": 0.2 }, { "db": "VULMON", "id": "CVE-2011-3192", "trust": 0.1 }, { "db": "HITACHI", "id": "HS11-019", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104804", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105792", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105422", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105120", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104836", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "117251", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "104969", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105184", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106788", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106557", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "id": "VAR-201108-0132", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.23680949000000004 }, "last_update_date": "2024-11-28T21:09:46.556000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.2.20", "trust": 0.8, "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.20" }, { "title": "Downloading the Apache HTTP Server", "trust": 0.8, "url": "http://httpd.apache.org/download.cgi" }, { "title": "Range header DoS vulnerability Apache HTTPD 1.3/2.x UPDATE 2", "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110826103531.998348F82@minotaur.apache.org%3E" }, { "title": "Range header DoS vulnerability Apache HTTPD 1.3/2.x", "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E" }, { "title": "Apache HTTP Server 2.2.20 Released", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/Announcement2.2.html" }, { "title": "HT5002", "trust": 0.8, "url": "http://support.apple.com/kb/HT5002" }, { "title": "Changes with Apache 2.2.20", "trust": 0.8, "url": "http://www.apache.org/dist/httpd/CHANGES_2.2.20" }, { "title": "cisco-sa-20110830-apache", "trust": 0.8, "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110830-apache" }, { "title": "HS11-020", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-020/index.html" }, { "title": "HS11-021", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-021/index.html" }, { "title": "HS11-022", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-022/index.html" }, { "title": "HS11-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-019/index.html" }, { "title": "HPSBOV02822 SSRT100966", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954" }, { "title": "HPSBUX02707 SSRT100626", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03025215" }, { "title": "HPSBUX02702 SSRT100606", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02997184" }, { "title": "7021867", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27021867#8001" }, { "title": "4030863", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24030863" }, { "title": "1512087", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21512087" }, { "title": "J1008285", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=jpn1J1008285" }, { "title": "J1008222", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=jpn1J1008222" }, { "title": "2236", "trust": 0.8, "url": "https://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=2236" }, { "title": "NV11-005", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv11-005.html" }, { "title": "SUSE-SU-2011:1010", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html" }, { "title": "openSUSE-SU-2011:0993", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html" }, { "title": "SUSE-SU-2011:1000", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html" }, { "title": "SUSE-SU-2011:1007", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "title": "Oracle Critical Patch Update Advisory - July 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "title": "Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html" }, { "title": "alert-cve-2011-3192-485304", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html" }, { "title": "RHSA-2011:1369", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1369.html" }, { "title": "RHSA-2011:1330", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1330.html" }, { "title": "RHSA-2011:1294", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1294.html" }, { "title": "RHSA-2011:1329", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2011-1329.html" }, { "title": "RHSA-2011:1300", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1300.html" }, { "title": "RHSA-2011:1245", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-1245.html" }, { "title": "Ridoc\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u88fd\u54c1\u3067\u306e\u300cApache HTTPD \u30b5\u30fc\u30d0\u30fc\u306b\u304a\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3 (DoS) \u306e\u8106\u5f31\u6027\u300d\u306b\u3064\u3044\u3066", "trust": 0.8, "url": "http://www.ricoh.co.jp/support/news/121114.html" }, { "title": "MDVSA-2011:130", "trust": 0.8, "url": "http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2011:130" }, { "title": "January 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update" }, { "title": "CVE-2011-3192 Denial of Service vulnerability in Apache HTTP Server", "trust": 0.8, "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of1" }, { "title": "July 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/july_2012_critical_patch_update" }, { "title": "cve_2011_3192_denial_of", "trust": 0.8, "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of" }, { "title": "USN-1199-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/USN-1199-1/" }, { "title": "interstage_as_201102", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201102.html" }, { "title": "cisco-sa-20110830-apache", "trust": 0.8, "url": "http://www.cisco.com/cisco/web/support/JP/110/1108/1108502_cisco-sa-20110830-apache-j.html" }, { "title": "HS11-021", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-021/index.html" }, { "title": "HS11-022", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-022/index.html" }, { "title": "HS11-019", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-019/index.html" }, { "title": "HS11-020", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-020/index.html" }, { "title": "VU#405811", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/vu405811.html" }, { "title": "Ubuntu Security Notice: apache2 vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1199-1" }, { "title": "Cisco: Apache HTTPd Range Header Denial of Service Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20110830-apache" }, { "title": "Debian Security Advisories: DSA-2298-2 apache2 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=7227b6751a2a5332a53278f1881d559f" }, { "title": "Amazon Linux AMI: ALAS-2011-001", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2011-001" }, { "title": "Red Hat: Moderate: httpd security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120542 - Security Advisory" }, { "title": "", "trust": 0.1, "url": "https://github.com/Live-Hack-CVE/CVE-2011-3192 " }, { "title": "MNCanyon", "trust": 0.1, "url": "https://github.com/MNCanyon/MNCanyon " }, { "title": "haproxy-ddos", "trust": 0.1, "url": "https://github.com/analytically/haproxy-ddos " }, { "title": "DDoS-Script", "trust": 0.1, "url": "https://github.com/Encapsulate/DDoS-Script " }, { "title": "Mind_help", "trust": 0.1, "url": "https://github.com/MNCanyon/Mind_help " }, { "title": "DC-p0t", "trust": 0.1, "url": "https://github.com/5p1n6a11/DC-p0t " } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-400", "trust": 1.0 }, { "problemtype": "CWE-399", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.8, "url": "http://www.apache.org/dist/httpd/announcement2.2.html" }, { "trust": 1.8, "url": "http://osvdb.org/74721" }, { "trust": 1.8, "url": "http://secunia.com/advisories/45606" }, { "trust": 1.8, "url": "http://www.securityfocus.com/bid/49303" }, { "trust": 1.8, "url": "http://www.kb.cert.org/vuls/id/405811" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=131551295528105\u0026w=2" }, { "trust": 1.0, "url": "https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0" }, { "trust": 1.0, "url": "http://www.exploit-db.com/exploits/17696" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14824" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a18827" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51714" }, { "trust": 1.0, "url": "http://www.gossamer-threads.com/lists/apache/dev/401638" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html" }, { "trust": 1.0, "url": "http://secunia.com/advisories/45937" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1329.html" }, { "trust": 1.0, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1245.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=134987041210674\u0026w=2" }, { "trust": 1.0, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=732928" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=133477473521382\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46000" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1330.html" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=131731002122529\u0026w=2" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46125" }, { "trust": 1.0, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14762" }, { "trust": 1.0, "url": "http://www.cisco.com/en/us/products/products_security_advisory09186a0080b90d73.shtml" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://seclists.org/fulldisclosure/2011/aug/175" }, { "trust": 1.0, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69396" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html" }, { "trust": 1.0, "url": "http://securitytracker.com/id?1025960" }, { "trust": 1.0, "url": "http://secunia.com/advisories/46126" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3ccaapsnn2po-d-c4nqt_tes2rrwizr7urefhtkpwbc1b+k1dqc7g%40mail.gmail.com%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1294.html" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1369.html" }, { "trust": 1.0, "url": "http://blogs.oracle.com/security/entry/security_alert_for_cve_2011" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.redhat.com/support/errata/rhsa-2011-1300.html" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:130" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://marc.info/?l=bugtraq\u0026m=132033751509019\u0026w=2" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" }, { "trust": 1.0, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd%40minotaur.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html" }, { "trust": 1.0, "url": "http://support.apple.com/kb/ht5002" }, { "trust": 1.0, "url": "http://www.ubuntu.com/usn/usn-1199-1" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00003.html" }, { "trust": 1.0, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.0, "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.9, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110826103531.998348f82@minotaur.apache.org%3e" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3192" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3192" }, { "trust": 0.8, "url": "http://blog.spiderlabs.com/2011/08/mitigation-of-apache-range-header-dos-attack.html" }, { "trust": 0.8, "url": "http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122d387dd@minotaur.apache.org%3e" }, { "trust": 0.8, "url": "http://www.apache.org/dist/httpd/changes_2.2.20" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20110831-apache.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2011/at110023.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu405811" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2011-05" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-3192" }, { "trust": 0.8, "url": "http://www.securitytracker.com/id?1025960" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0419" }, { "trust": 0.4, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3348" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3192.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/blog/242" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45865" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45865/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/./vuls/hs11-019/index.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/45865/#comments" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1369.html" }, { "trust": 0.1, "url": "https://ftp.usa.hp.com/hprc" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-1294.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1452" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1928" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4317" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0031" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3607" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "https://ftp.usa.hp.com/hprc/home" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3348" }, { "trust": 0.1, "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=51878" } ], "sources": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#405811" }, { "db": "VULMON", "id": "CVE-2011-3192" }, { "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "db": "PACKETSTORM", "id": "104804" }, { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105422" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "104836" }, { "db": "PACKETSTORM", "id": "117251" }, { "db": "PACKETSTORM", "id": "104969" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" }, { "db": "PACKETSTORM", "id": "106557" }, { "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-08-26T00:00:00", "db": "CERT/CC", "id": "VU#405811" }, { "date": "2011-08-29T00:00:00", "db": "VULMON", "id": "CVE-2011-3192" }, { "date": "2011-09-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "date": "2011-09-06T04:48:58", "db": "PACKETSTORM", "id": "104804" }, { "date": "2011-10-14T05:53:11", "db": "PACKETSTORM", "id": "105792" }, { "date": "2011-09-29T18:05:00", "db": "PACKETSTORM", "id": "105422" }, { "date": "2011-09-14T22:52:49", "db": "PACKETSTORM", "id": "105120" }, { "date": "2011-09-07T00:26:51", "db": "PACKETSTORM", "id": "104836" }, { "date": "2012-10-10T02:28:54", "db": "PACKETSTORM", "id": "117251" }, { "date": "2011-09-10T01:00:13", "db": "PACKETSTORM", "id": "104969" }, { "date": "2011-09-17T19:02:19", "db": "PACKETSTORM", "id": "105184" }, { "date": "2011-11-09T16:26:04", "db": "PACKETSTORM", "id": "106788" }, { "date": "2011-11-03T22:08:17", "db": "PACKETSTORM", "id": "106557" }, { "date": "2011-08-29T15:55:02.017000", "db": "NVD", "id": "CVE-2011-3192" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-09-19T00:00:00", "db": "CERT/CC", "id": "VU#405811" }, { "date": "2022-09-19T00:00:00", "db": "VULMON", "id": "CVE-2011-3192" }, { "date": "2017-07-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-002172" }, { "date": "2024-11-21T01:29:56.747000", "db": "NVD", "id": "CVE-2011-3192" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105792" }, { "db": "PACKETSTORM", "id": "105120" }, { "db": "PACKETSTORM", "id": "105184" }, { "db": "PACKETSTORM", "id": "106788" } ], "trust": 0.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTPD 1.3/2.x Range header DoS vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#405811" } ], "trust": 0.8 } }
var-201102-0280
Vulnerability from variot
The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: " For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability."A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. Successful attacks will cause applications written in Java to hang, creating a denial-of-service condition. HP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. HP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. HP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. HP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. HP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. The updates are available from: http://www.hp.com/go/java
These issues are addressed in the following versions of the HP Java:
HP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent
HP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent
MANUAL ACTIONS: Yes - Update
For Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2011:054 http://www.mandriva.com/security/
Package : java-1.6.0-openjdk Date : March 27, 2011 Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0
Problem Description:
Multiple vulnerabilities has been identified and fixed in java-1.6.0-openjdk:
The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from the checkPermission method instead of throwing an exception in certain circumstances, which might allow context-dependent attackers to bypass the intended security policy by creating instances of ClassLoader (CVE-2010-4351). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves DNS cache poisoning by untrusted applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable (CVE-2010-4450). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the lack of framework support by AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is heap corruption related to the Verifier and backward jsrs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to Features set on SchemaFactory not inherited by Validator. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is related to the exposure of system properties via vectors related to Font.createFont and exception text (CVE-2010-4471). NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the XML DSig Transform or C14N algorithm implementations.
IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does not properly verify signatures for JAR files that (1) are partially signed or (2) signed by multiple entities, which allows remote attackers to trick users into executing code that appears to come from a trusted source (CVE-2011-0025).
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor. (CVE-2011-0706)
Additionally the java-1.5.0-gcj packages were not rebuilt with the shipped version on GCC for 2009.0 and Enterprise Server 5 which caused problems while building the java-1.6.0-openjdk updates, therefore rebuilt java-1.5.0-gcj packages are being provided with this advisory as well.
Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706
Updated Packages:
Mandriva Linux 2009.0: cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm
Mandriva Linux 2010.0: bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f2ec2f80944f1f401154d2fb2c2ad64d 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm
Mandriva Linux 2010.1: c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64: 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm e7e183d456383ad562cdb9da84e0f899 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm
Mandriva Enterprise Server 5: 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64: 11c7cdc078dcd9cf30e818f4fb4c4e1f mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt DHgr6vgcxh6XXAElZkDBIws= =7L47 -----END PGP SIGNATURE----- . ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Apache Tomcat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43198
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
RELEASE DATE: 2011-02-07
DISCUSS ADVISORY: http://secunia.com/advisories/43198/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43198/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43198
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service).
1) An error due to the "ServletContect" attribute improperly being restricted to read-only when running under a SecurityManager can be exploited by a malicious web application to use an arbitrary working directory with read-write privileges.
2) Certain input (e.g. display names) is not properly sanitised in the HTML Manager interface before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) An error within the JVM when accessing a page that calls "javax.servlet.ServletRequest.getLocale()" or "javax.servlet.ServletRequest.getLocales()" functions can be exploited to cause the process to hang via a web request containing specially crafted headers (e.g. "Accept-Language").
This vulnerability is reported in versions prior to 5.5.33.
PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Konstantin Preiber
ORIGINAL ADVISORY: Apache Tomcat: http://tomcat.apache.org/security-5.html http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html
Konstantin Preiber: http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Such input strings represent valid numbers and can be contained in data supplied by an attacker over the network, leading to a denial-of-service attack.
For the old stable distribution (lenny), this problem has been fixed in version 6b18-1.8.3-2~lenny1.
Note that this update introduces an OpenJDK package based on the IcedTea release 1.8.3 into the old stable distribution. This addresses several dozen security vulnerabilities, most of which are only exploitable by malicious mobile code. A notable exception is CVE-2009-3555, the TLS renegotiation vulnerability. This update implements the protocol extension described in RFC 5746, addressing this issue.
This update also includes a new version of Hotspot, the Java virtual machine, which increases the default heap size on machines with several GB of RAM. If you run several JVMs on the same machine, you might have to reduce the heap size by specifying a suitable -Xmx argument in the invocation of the "java" command. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c02729756 Version: 1
HPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2011-02-23 Last Updated: 2011-02-23
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential vulnerability has been identified with HP-UX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
References: CVE-2010-4476
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. Any version of Java running on HP-UX 11.11, HP-UX 11.23, or HP-UX 11.31.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made the following software tool available to resolve the vulnerability. This tool can be used to update all versions of HP-UX Java.
To download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool
An HP Passport user ID is required to download the FPUpdater tool and its Readme file. For information on registering for an HP Passport user ID, refer to: https://passport2.hp.com
MANUAL ACTIONS: Yes - Update
Update using FPUpdater
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11 HP-UX B.11.23 HP-UX B.11.31 =========== action: update using FPUpdater if Java is installed
END AFFECTED VERSIONS
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
HISTORY Version:1 (rev.1) - 23 February 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2011 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk1sQl4ACgkQ4B86/C0qfVkZoACg+A0Nrllhsgj+ZNVRWBJtSGg0 +McAoLe5aV6VZ16dYIp6IG59vPG8unq8 =sL4p -----END PGP SIGNATURE----- . Customers should open a support case to request the following hotfixes.
NNMi Version / Operating System Required Patch Hotfix
9.1x HP-UX Patch 4 Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip
9.1x Linux Patch 4 Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip
9.1x Solaris Patch 4 Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip
9.1x Windows Patch 4 Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip
Note: The hotfix must be installed after the required patch. The hotfix must be reinstalled if the required patch is reinstalled.
MANUAL ACTIONS: Yes - Update
Install the applicable patch and hotfix. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201111-02
http://security.gentoo.org/
Severity: Normal Title: Oracle JRE/JDK: Multiple vulnerabilities Date: November 05, 2011 Bugs: #340421, #354213, #370559, #387851 ID: 201111-02
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jre-bin < 1.6.0.29 >= 1.6.0.29 * 2 app-emulation/emul-linux-x86-java < 1.6.0.29 >= 1.6.0.29 * 3 dev-java/sun-jdk < 1.6.0.29 >= 1.6.0.29 * ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 3 affected packages -------------------------------------------------------------------
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below and the associated Oracle Critical Patch Update Advisory for details.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jdk-1.6.0.29"
All Oracle JRE 1.6 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-java/sun-jre-bin-1.6.0.29"
All users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.6.0.29"
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically. This limitation is not present on a non-fetch restricted implementation such as dev-java/icedtea-bin.
References
[ 1 ] CVE-2010-3541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541 [ 2 ] CVE-2010-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548 [ 3 ] CVE-2010-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549 [ 4 ] CVE-2010-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550 [ 5 ] CVE-2010-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551 [ 6 ] CVE-2010-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552 [ 7 ] CVE-2010-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553 [ 8 ] CVE-2010-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554 [ 9 ] CVE-2010-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555 [ 10 ] CVE-2010-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556 [ 11 ] CVE-2010-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557 [ 12 ] CVE-2010-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558 [ 13 ] CVE-2010-3559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559 [ 14 ] CVE-2010-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560 [ 15 ] CVE-2010-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561 [ 16 ] CVE-2010-3562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562 [ 17 ] CVE-2010-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563 [ 18 ] CVE-2010-3565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565 [ 19 ] CVE-2010-3566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566 [ 20 ] CVE-2010-3567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567 [ 21 ] CVE-2010-3568 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568 [ 22 ] CVE-2010-3569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569 [ 23 ] CVE-2010-3570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570 [ 24 ] CVE-2010-3571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571 [ 25 ] CVE-2010-3572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572 [ 26 ] CVE-2010-3573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573 [ 27 ] CVE-2010-3574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574 [ 28 ] CVE-2010-4422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422 [ 29 ] CVE-2010-4447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447 [ 30 ] CVE-2010-4448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448 [ 31 ] CVE-2010-4450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450 [ 32 ] CVE-2010-4451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451 [ 33 ] CVE-2010-4452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452 [ 34 ] CVE-2010-4454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454 [ 35 ] CVE-2010-4462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462 [ 36 ] CVE-2010-4463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463 [ 37 ] CVE-2010-4465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465 [ 38 ] CVE-2010-4466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466 [ 39 ] CVE-2010-4467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467 [ 40 ] CVE-2010-4468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468 [ 41 ] CVE-2010-4469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469 [ 42 ] CVE-2010-4470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470 [ 43 ] CVE-2010-4471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471 [ 44 ] CVE-2010-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472 [ 45 ] CVE-2010-4473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473 [ 46 ] CVE-2010-4474 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474 [ 47 ] CVE-2010-4475 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475 [ 48 ] CVE-2010-4476 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476 [ 49 ] CVE-2011-0802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802 [ 50 ] CVE-2011-0814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814 [ 51 ] CVE-2011-0815 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815 [ 52 ] CVE-2011-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862 [ 53 ] CVE-2011-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863 [ 54 ] CVE-2011-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864 [ 55 ] CVE-2011-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865 [ 56 ] CVE-2011-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867 [ 57 ] CVE-2011-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868 [ 58 ] CVE-2011-0869 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869 [ 59 ] CVE-2011-0871 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871 [ 60 ] CVE-2011-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872 [ 61 ] CVE-2011-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873 [ 62 ] CVE-2011-3389 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389 [ 63 ] CVE-2011-3516 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516 [ 64 ] CVE-2011-3521 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521 [ 65 ] CVE-2011-3544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544 [ 66 ] CVE-2011-3545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545 [ 67 ] CVE-2011-3546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546 [ 68 ] CVE-2011-3547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547 [ 69 ] CVE-2011-3548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548 [ 70 ] CVE-2011-3549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549 [ 71 ] CVE-2011-3550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550 [ 72 ] CVE-2011-3551 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551 [ 73 ] CVE-2011-3552 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552 [ 74 ] CVE-2011-3553 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553 [ 75 ] CVE-2011-3554 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554 [ 76 ] CVE-2011-3555 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555 [ 77 ] CVE-2011-3556 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556 [ 78 ] CVE-2011-3557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557 [ 79 ] CVE-2011-3558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558 [ 80 ] CVE-2011-3560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560 [ 81 ] CVE-2011-3561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201111-02.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-1079-3 March 17, 2011 openjdk-6b18 vulnerabilities CVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469, CVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476, CVE-2011-0706 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 10.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 10.10: icedtea6-plugin 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre 6b18-1.8.7-0ubuntu2.1 openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1
After a standard system update you need to restart any Java services, applications or applets to make all the necessary changes.
Details follow:
USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM) architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu 10.10.
Original advisory details:
It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. (CVE-2010-4448)
It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. (CVE-2010-4450)
It was discovered that within the Swing library, forged timer events could allow bypass of SecurityManager checks. This could allow an attacker to access restricted resources. (CVE-2010-4465)
It was discovered that certain bytecode combinations confused memory management within the HotSpot JVM. This could allow an attacker to cause a denial of service through an application crash or possibly inject code. (CVE-2010-4469)
It was discovered that the way JAXP components were handled allowed them to be manipulated by untrusted applets. An attacker could use this to bypass XML processing restrictions and elevate privileges. (CVE-2010-4470)
It was discovered that the Java2D subcomponent, when processing broken CFF fonts could leak system properties. (CVE-2010-4471)
It was discovered that a flaw in the XML Digital Signature component could allow an attacker to cause untrusted code to replace the XML Digital Signature Transform or C14N algorithm implementations. (CVE-2010-4472)
Konstantin Prei\xdfer and others discovered that specific double literals were improperly handled, allowing a remote attacker to cause a denial of service. (CVE-2011-0706)
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz
Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc
Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9
http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz
Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413
http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4
http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb
Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0280", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "hp systems insight manager", "scope": "eq", "trust": 3.2, "vendor": "hewlett packard l p", "version": "prior to v7.0" }, { "model": "cosminexus application server enterprise 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/c", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/b", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/a", "scope": null, "trust": 2.1, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk", "scope": "eq", "trust": 1.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server standard 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "ucosminexus application server standard 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus application server standard 06-00-/b", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server enterprise 06-50-/c", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/a", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/f", "scope": null, "trust": 1.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.8, "vendor": "hitachi", "version": "08-00-01" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/g", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 011", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server standard 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server standard 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus application server enterprise 06-70-/e", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/c", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "jre 010", "scope": "eq", "trust": 1.5, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 1.5, "vendor": "hitachi", "version": "06-50" }, { "model": "ucosminexus application server enterprise 06-70-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/d", "scope": null, "trust": 1.5, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus application server 05-05-/i", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "05-05" }, { "model": "ucosminexus client", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "jre 013", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/h", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "25008-10-01" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise 06-70-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "cosminexus application server 05-05-/f", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/a", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/e", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus application server 05-05-/g", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre 014", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00-06" }, { "model": "jre", "scope": "eq", "trust": 1.2, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server 05-05-/b", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/c", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/d", "scope": null, "trust": 1.2, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "08-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 1.2, "vendor": "hitachi", "version": "07-00" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.0" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "4.1" }, { "model": "esx", "scope": "eq", "trust": 1.1, "vendor": "vmware", "version": "3.5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_2" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_3" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_4" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_6" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_9" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_23" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_15" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_17" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_5" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_14" }, { "model": "sdk", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_24" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_8" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_26" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_19" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_20" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_02" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_18" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_21" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_11" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_16" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_22" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_27" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_10" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.6.0" }, { "model": "jdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.5.0" }, { "model": "jre", "scope": "lte", "trust": 1.0, "vendor": "sun", "version": "1.4.2_29" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_28" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_7" }, { "model": "sdk", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_25" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_12" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_1" }, { "model": "jre", "scope": "eq", "trust": 1.0, "vendor": "sun", "version": "1.4.2_13" }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "jdk 1.5.0 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "sdk 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise 06-71-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 015", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "cosminexus application server standard 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 27", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 1.5.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server enterprise 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "sdk 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 01a", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "sdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-60" }, { "model": "jre .0 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "01-05" }, { "model": "jdk 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jre 1.5.0 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 24", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk b 005", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.7" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-00" }, { "model": "cosminexus application server enterprise 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "sdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server enterprise 06-51-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-71-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-10-01" }, { "model": "sdk 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml 02-05-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 16", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.3.1 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk .0 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 1.4.2 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1" }, { "model": "cosminexus application server standard 06-02-/d", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 0 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.5.0 10", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/a", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 27", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 1.5.0 24", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.5.0 25", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus application server standard 06-02-/c", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 1.4.2 16", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 17", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "05-00" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "sdk .0 4", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 28", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "sdk 1.4.2 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.4.2 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "02-00" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-50-/f", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.1" }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.4.2 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 15", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 1.4.2 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "08-00-01" }, { "model": "jre 1.4.2 29", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 01", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre .0 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "sdk 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus application server 05-05-/m", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0 26", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "-04-01" }, { "model": "jdk 008", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 18", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 1.4.2 22", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jre 08", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "sdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "06-70" }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 02", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "sdk 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 03", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.5.0 12", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4" }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.5.0 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jre 1.4.2 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre .0 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3" }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50" }, { "model": "jdk 1.5.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.4.1" }, { "model": "jre 1.5.0 23", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus application server standard 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "sdk 1.4.2 13", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 09", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.9, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-51-/b", "scope": null, "trust": 0.9, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.2.2" }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 22", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.5" }, { "model": "jdk 009", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.1.8" }, { "model": "forms", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "4.0, 3.5" }, { "model": "lotus expeditor", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.2" }, { "model": "lotus quickr", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for websphere portal 8.5, 8.1, 8.0" }, { "model": "mashup center", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.0, 1.1, 1.0" }, { "model": "websphere dashboard framework", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1, 6.0" }, { "model": "lotus activeinsight", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1, 6.0" }, { "model": "lotus connections", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.5, 2.0, 1.0" }, { "model": "lotus mashups", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "3.0, 2.0, 1.1, 1.0" }, { "model": "lotus sametime advanced", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.0" }, { "model": "lotus sametime standard", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5" }, { "model": "lotus sametime unified telephony", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "8.5.1, 8.0" }, { "model": "lotus web content management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0, 6.1" }, { "model": "lotus workforce management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.1" }, { "model": "websphere portlet factory", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "7.0, 6.1" }, { "model": "workplace web content management", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "6.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.0 to v6.0.2.43" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v6.1 to v6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "to v7.0 to v7.0.0.13" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.1 fp0 to fp10" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.5 fp0 to fp7" }, { "model": "db2", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "for linux, unix, and windows version 9.7 fp0 to fp3a" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v6.0 to v6.0.2.43" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v6.1 to v6.1.0.35" }, { "model": "websphere application server", "scope": "eq", "trust": 0.8, "vendor": "ibm", "version": "v7.0 to v7.0.0.13" }, { "model": "esx", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "3.0.3" }, { "model": "esxi", "scope": null, "trust": 0.8, "vendor": "vmware", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "2.5 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.0 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "4.1 (windows)" }, { "model": "vsphere update manager", "scope": "eq", "trust": 0.8, "vendor": "vmware", "version": "5.0 (windows)" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.6" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.5.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.6" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 (x86-64)" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 27" }, { "model": "jdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 23" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_29" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "5.0 update 27" }, { "model": "jre", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "6 update 23" }, { "model": "sdk", "scope": "lte", "trust": 0.8, "vendor": "sun microsystems", "version": "1.4.2_29" }, { "model": "hp systems insight manager", "scope": "lt", "trust": 0.8, "vendor": "hewlett packard", "version": "7.0" }, { "model": "hp tru64 unix", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "running j2se v 1.42-9" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.11" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23 (ia)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.23 (pa)" }, { "model": "hp-ux", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "11.31" }, { "model": "hp-ux tomcat-based servlet engine", "scope": "eq", "trust": 0.8, "vendor": "hewlett packard", "version": "5.5.30.04" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5.0 (client)" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop workstation", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "systemdirector enterprise", "scope": null, "trust": 0.8, "vendor": "nec", "version": null }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "groupmax collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "hirdb realtime monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "device manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "global link manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "it operations analyzer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "provisioning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "replication manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tiered storage manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "tuning manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "software" }, { "model": "job management partner 1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management partner 1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant/ex( english edition )" }, { "model": "job management partner 1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant( english edition )" }, { "model": "job management partner 1/performance management - web console", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "( overseas edition )" }, { "model": "jp1/automatic job management system 2", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/automatic job management system 3", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web operation assistant" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "i" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "i advanced" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "starter edition 250" }, { "model": "jp1/cm2/network node manager", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "starter edition enterprise" }, { "model": "jp1/cm2/snmp system observer", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand device manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand provisioning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- service support" }, { "model": "jp1/it resource management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- manager" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console" }, { "model": "jp1/performance management", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web console( overseas edition )" }, { "model": "jp1/serverconductor/control manager", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus collaboration", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- server" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - authoring license" }, { "model": "ucosminexus navigation", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - user license" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus reporting base", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus stream data platform", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- application framework" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer client set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "developer set" }, { "model": "electronic form workflow", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional library set" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server operation package" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker centric manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker resource coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jdk", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "jre", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "sdk", "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-04" }, { "model": "cosminexus application server 05-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11" }, { "model": "jdk 003", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard 06-72-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "ucosminexus application server enterprise 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-10" }, { "model": "jdk", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-06" }, { "model": "cosminexus application server 05-00-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.0-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00" }, { "model": "ucosminexus application server standard 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-03" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus application server enterprise 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50-03" }, { "model": "ucosminexus application server standard 06-71-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-04" }, { "model": "cosminexus application server 05-05-/l", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "jre 1.4.2 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus application server 05-00-/b", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-71-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 16", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jdk .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jre 1.3.1 28", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus application server 05-05-/j", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server 05-00-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jre 1.3.1 15", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "ne", "trust": 0.6, "vendor": "hitachi", "version": "7.3-00" }, { "model": "ucosminexus application server standard 06-70-/n", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "ucosminexus application server standard 06-72-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "cosminexus application server standard 06-51-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre .0 04", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jdk 006", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "processing kit for xml 02-00-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-51" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "09-00" }, { "model": "jdk 05", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus application server enterprise 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-02" }, { "model": "ucosminexus application server standard 06-70-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-02" }, { "model": "jre b 07", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk .0 03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "jdk 1.5.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ucosminexus application server enterprise 06-71-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "replication manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "jdk 10", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jre 1.3.1 17", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus application server standard 06-51-/c", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "cosminexus application server enterprise 06-51-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.4.2 27", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.4.2" }, { "model": "jdk 07-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-00" }, { "model": "jdk 06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-71" }, { "model": "jre b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jre 01", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server standard 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/o", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-03" }, { "model": "device manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jp1/cm2/network node manager starter edition", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "25008-10" }, { "model": "jre 1.5.0.0 08", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server enterprise 06-02-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 002", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.3.1 19", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 008", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "02-05" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jp1/cm2/network node manager starter ed enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk 1.5.0.0 12", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 1.3.1 18", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "ucosminexus application server standard 06-71-/d", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-51" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jdk 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server enterprise 06-02-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/b )", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk 004", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.1" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-10-06" }, { "model": "ucosminexus application server enterprise 06-71-/a", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-00-/h", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jdk b 007", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.7" }, { "model": "jdk 1.5.0.0 09", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-00-/g", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-00-/f", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1.1-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-50" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-03-02" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10-06" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-10" }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-02" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus application server enterprise 06-00-/i", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "device manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 11", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 11-b03", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-09" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "-08-11-04" }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.1-01" }, { "model": "jre 012", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.2.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "07-00-10" }, { "model": "jre 005", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard 06-02-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/k", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software )", "scope": "eq", "trust": 0.6, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus application server standard 06-51-/e", "scope": null, "trust": 0.6, "vendor": "hitachi", "version": null }, { "model": "jre 1.5.0.0 07", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 009", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.1.8" }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "tivoli dynamic workload broker", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0" }, { "model": "virtual i/o server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer professional 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus application server 05-00-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "ucosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "processing kit for xml 01-07-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "cognos business intelligence fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.4" }, { "model": "cosminexus developer light 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "processing kit for xml 01-07-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool omnibus web gui", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.0" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "cosminexus application server 05-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-72-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cognos workforce performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus developer professional 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.17" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "8.1" }, { "model": "cosminexus developer 05-05-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "ucosminexus developer standard 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos customer performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.19" }, { "model": "ucosminexus application server enterprise 06-70-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-50-01" }, { "model": "cosminexus server web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/c (solari", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-02" }, { "model": "cosminexus developer light 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "systemwalker availability view enterprise edition 13.3.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "os/400 v5r4m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "device manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus developer standard 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.1" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.107" }, { "model": "cosminexus application server enterprise 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/r", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.5" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer professional 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "tivoli storage productivity center", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.1" }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.1" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "cosminexus application server standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "3.14" }, { "model": "linux enterprise sdk sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus developer 05-05-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.18" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.2" }, { "model": "cosminexus application server 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.0.2" }, { "model": "jboss enterprise portal platform", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5.1.0" }, { "model": "cosminexus developer standard 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.35" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jre b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "ucosminexus developer standard 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.14" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.3" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "cosminexus developer light 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.3" }, { "model": "websphere application server community edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.4" }, { "model": "jre .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.22" }, { "model": "ucosminexus developer light 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jdk 1.5.0 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer professional 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.128" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5" }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-06" }, { "model": "cosminexus application server enterprise 06-50-c (solaris", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "ucosminexus client 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "cognos impromptu web reports", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "jdk 1.5.0.0 06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.3" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus developer standard 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "reflection for secure it unix server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "cosminexus developer professional 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "interstage application server standard-j edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00(x64))" }, { "model": "cosminexus developer light 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "conferencing standard edition", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.18" }, { "model": "tru64 unix 5.1b-4", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.2" }, { "model": "vcenter update manager update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer standard 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.11" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.5" }, { "model": "cosminexus developer professional 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.1" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cognos express", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli dynamic workload console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "identity manager remote loader", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "cosminexus application server standard 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "processing kit for xml )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "tivoli workload scehdule z/os connector", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus studio web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.126" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "cosminexus developer 05-05-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus client 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.22" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.23" }, { "model": "cosminexus developer professional 06-00-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 1.5.0 11-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tivoli network manager ip edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.8" }, { "model": "cosminexus developer light 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "provisioning manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer 05-05-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-06" }, { "model": "jre 007", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "replication manager software -00 )", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.25" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "systems insight manager sp3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "ucosminexus client 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "ucosminexus developer standard 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3-1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise web platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer light 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer professional 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus service platform )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus developer light 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00(x64))" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "ewas", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.138" }, { "model": "cosminexus developer 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.18" }, { "model": "cosminexus developer 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli management framework", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.1.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server enterprise 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "cosminexus developer light 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "2.33" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server enterprise 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.14" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.30" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "cosminexus developer 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "cosminexus developer light 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, { "model": "cosminexus developer 05-01-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus developer professional 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jre 009", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "jre 1.5.0 08", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-03" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.13" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.15" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "ucosminexus application server enterprise 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "jre b 005", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.29" }, { "model": "jboss enterprise application platform for rhel 4as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server community edition", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "2.1.1.5" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.2.3" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "jdk update21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "jre 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "replication manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "esx patch esx400-201", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2.0-00" }, { "model": "netcool/omnibus fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.3.020" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.8" }, { "model": "cosminexus application server 05-01-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.20" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "4.0" }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "cosminexus developer 05-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tivoli directory server 6.1.0.5-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.56" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.115" }, { "model": "ewas", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.139" }, { "model": "tomcat beta", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "cosminexus developer professional 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.102" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "systemwalker availability view enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3" }, { "model": "websphere mq file transfer edition", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "cosminexus studio 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.15" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.2" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "systemwalker it process master standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "13.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.103" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03" }, { "model": "ucosminexus developer professional 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.56" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer standard 06-50-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "cosminexus application server 05-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-50" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.55" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.3" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "reflection suite for", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.7" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "cosminexus studio 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.32" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.6" }, { "model": "ucosminexus application server enterprise 06-70-/a linux )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.222" }, { "model": "jdk 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "ucosminexus developer professional 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jboss enterprise application platform el4", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "processing kit for xml 02-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.4" }, { "model": "ucosminexus application server enterprise 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.21" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.3.1" }, { "model": "cosminexus application server standard 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.03" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.5-00" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "cosminexus application server enterprise 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "cosminexus application server 05-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.2" }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus developer standard 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos supply chain performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.27" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.105" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "7.0.8" }, { "model": "ucosminexus application server enterprise 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos mobile", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "network satellite server (for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5)5.4" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "systems insight manager sp5", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jre 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.3" }, { "model": "jdk update24", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tru64 unix pk6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.9" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "tiered storage manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "jp1/cm2/network node manager starter edition enterprise hp-ux pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "cosminexus application server 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "jre 21", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.19" }, { "model": "cosminexus developer standard 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "os/400 v6r1m0", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "cosminexus developer standard 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "jdk 1.5.0.0 04", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "interstage business application server standard edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "tivoli foundations for application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "db2 fix pack 3a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.110" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.6" }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jboss enterprise application platform for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "55" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus developer 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus developer light 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.13" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-07" }, { "model": "cosminexus developer 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus client 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tuning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "enterprise linux for sap server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "tru64 unix b-3", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "processing kit for xml 02-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "runtimes for java technology", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.5" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "jdk 1.3.1 20", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer 05-05-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "cosminexus developer light 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "jdk 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "vcenter update manager", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cosminexus studio 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "access manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.1" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-04" }, { "model": "cosminexus developer professional 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "cosminexus developer light 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.1" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.52" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/cm2/network node manager starter edition hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1" }, { "model": "cosminexus application server 05-00-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.2" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "jdk update13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.5" }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "04-00" }, { "model": "ucosminexus application server standard 06-70-/a (windows(ip", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.12" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-01" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.3" }, { "model": "tivoli workload scheduler", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.4" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.4.0" }, { "model": "jdk update19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.1" }, { "model": "processing kit for xml 01-05-/b (windows(en", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.21" }, { "model": "cosminexus developer light 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "cosminexus developer 05-05-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-30" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.30" }, { "model": "reflection", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "x2011" }, { "model": "ucosminexus developer light 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.16" }, { "model": "totalstorage ds8300", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "cosminexus developer standard 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.31" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.31" }, { "model": "virtualcenter 2.5.update build", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "31" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "cosminexus developer light 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise web server for rhel as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "41.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.30" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.14" }, { "model": "cosminexus developer professional 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.19" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.117" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "virtualcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.7" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "ucosminexus developer standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 10-b03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-02" }, { "model": "cosminexus developer professional 06-51-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tru64 unix b-4", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1.0" }, { "model": "jre 07", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "cosminexus developer professional 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.23" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.4" }, { "model": "cosminexus developer light 06-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.1" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.10" }, { "model": "replication manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.3.0-00" }, { "model": "cosminexus application server 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.11" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.13" }, { "model": "cosminexus application server 05-01-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "cognos planning", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.17" }, { "model": "provisioning manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jp1/cm2/network node manager starter edition hp-ux(pa-ri", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10-12" }, { "model": "ucosminexus client 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "tivoli netcool reporter", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-08" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.2" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-00" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "jp1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tuning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-03" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-03" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "ucosminexus developer professional 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus client 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "jdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "reflection for secure it unix client", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.2.2" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "ucosminexus developer professional 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer standard 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0" }, { "model": "jdk update17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus developer professional 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.26" }, { "model": "cosminexus developer 05-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "runtimes for java technology sr12 fp", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "5.04" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.119" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.221" }, { "model": "sdk 02", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.8" }, { "model": "cosminexus application server standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "tivoli composite application manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.1" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.12" }, { "model": "cosminexus developer standard 06-50-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "cognos query", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.4" }, { "model": "cosminexus developer professional 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "jdk update20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/snmp system observer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/serverconductor/control manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.2" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "1.1-1" }, { "model": "cosminexus developer professional 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "cognos finance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0.1" }, { "model": "jp1/cm2/network node manager starter edition windows", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "ucosminexus application server standard 06-70-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/s", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise 06-72-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise for sap applications sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.3" }, { "model": "replication manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.4" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk 20", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-03" }, { "model": "cosminexus developer light 06-50-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "vcenter update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "cosminexus developer 05-05-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-00-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise soa platform cp04", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "tivoli workload scheduler for applications", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "cosminexus developer 05-05-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "sdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "processing kit for xml (windows(engli", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "01-05" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli netcool performance manager technology pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "jp1/hicommand provisioning manager (solaris(sparc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jre 1.5.0 09-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "4.2" }, { "model": "job management partner 1/performance management web console", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.1" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06" }, { "model": "tivoli federated identity manager business gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus developer standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "cosminexus developer light 06-02-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "cosminexus developer light 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli configuration manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.3.1" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-04(x64))" }, { "model": "linux enterprise sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "rational clearcase", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jboss enterprise web server for rhel server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "51.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.12" }, { "model": "cosminexus application server 05-01-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "jdk 08", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "identity manager analyzer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "1.2" }, { "model": "openvms", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.27" }, { "model": "reflection for secure it unix server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.54" }, { "model": "systems insight manager sp1", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.2" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tivoli federated identity manager business gateway", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.0.9" }, { "model": "identity manager designer", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.5.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "application manager for smart business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2.1" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus application server standard 06-70-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.18" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.4" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-00" }, { "model": "cosminexus application server standard 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise application platform el5", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4.3" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.127" }, { "model": "jre 18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.111" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.31" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.118" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus studio 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "provisioning manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.124" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "interstage software quality analyzer", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "10.0" }, { "model": "device manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0.0.96" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "jre 05a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-51-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.16" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "6.0" }, { "model": "cosminexus developer light 06-51-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "netcool/omnibus fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.3.120" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.19" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.33" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.5" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "tomcat", "scope": "ne", "trust": 0.3, "vendor": "apache", "version": "6.0.32" }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "jdk 15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer professional 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jboss enterprise application platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus developer light 06-70-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "ucosminexus developer light 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "reflection for secure it windows server sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.17" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-02" }, { "model": "ucosminexus application server enterprise hp-ux )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "jre 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.12" }, { "model": "jp1/cm2/network node manager starter edition enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-02" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.3.0-00" }, { "model": "jre beta", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-51-01" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-70" }, { "model": "cognos visualizer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.11" }, { "model": "cosminexus developer light 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations director", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-50-01" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cognos financial performance analytics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "tivoli storage productivity center fix pack", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.14" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "cosminexus developer 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-20" }, { "model": "cosminexus developer standard 06-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.106" }, { "model": "cosminexus studio web edition 04-00-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "cosminexus developer 05-05-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-10" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.219" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus application server 05-01-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos noticecast", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.125" }, { "model": "sentinel support pack", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-01" }, { "model": "cosminexus developer standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "cosminexus application server standard 06-50-/c (hp-ux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.4" }, { "model": "hp-ux b.11.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "interstage application server plus", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "7.0" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.7" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "systems insight manager", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "cosminexus application server 05-00-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "device manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "jdk 1.4.2 11", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-30" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60-01" }, { "model": "jre 14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-70-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.1.2" }, { "model": "jre 13", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus application server enterprise 06-70-/g )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "jdk 12", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cognos metrics", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "jp1/it resource management-manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "cosminexus developer professional 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk 11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jp1/cm2/network node manager starter ed enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jp1/cm2/network node manager starter edition (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-02" }, { "model": "provisioning manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk update23", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.12" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "cognos web services", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.16" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "jre 28", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "device manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.55" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.4" }, { "model": "db2 fix pack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.51" }, { "model": "cosminexus developer standard 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.9" }, { "model": "cosminexus application server 05-00-/q", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-10-01" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.24" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus developer professional 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sentinel support pack h", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "6.12" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "cosminexus client 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-07" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-01" }, { "model": "ucosminexus developer light 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-71-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer light 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-02(x64))" }, { "model": "cosminexus developer 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "jdk 01a", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux enterprise teradata sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-40" }, { "model": "jndi", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk 0 09", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5" }, { "model": "device manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jp1/cm2/network node manager starter ed enterprise pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-10" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "ucosminexus developer standard 06-70-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.19" }, { "model": "cosminexus developer standard 06-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage job workload server", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.1" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0.0-00" }, { "model": "cosminexus developer standard 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "cognos business intelligence fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "88.4.1" }, { "model": "jre 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.1" }, { "model": "ucosminexus developer standard 06-70-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk 099", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jre 006", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.29" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.2" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "tivoli enterprise console", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "3.9" }, { "model": "linux enterprise java sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-05" }, { "model": "cognos now!", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "4.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "processing kit for xml 01-05-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.73" }, { "model": "cosminexus application server 05-00-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.6" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.52" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.31" }, { "model": "cosminexus developer 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli storage productivity center", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.185" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "reflection for secure it unix server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk update25", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus developer standard 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.51" }, { "model": "jdk 04", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2" }, { "model": "replication manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-01" }, { "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server 05-00-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "rational clearquest", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.5" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "device manager software (solaris(sp", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-10-01" }, { "model": "ucosminexus client 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.32" }, { "model": "provisioning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "jdk 1.5.0.0 03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "cosminexus developer standard 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.227" }, { "model": "cosminexus application server standard 06-50-/g (aix", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.13" }, { "model": "cosminexus developer standard 06-51-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.11" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.224" }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.1" }, { "model": "cosminexus developer standard 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "novell linux pos", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "9" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.27" }, { "model": "tivoli integrated portal", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.1.115" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.8" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-71" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-01" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.15" }, { "model": "jdk 10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus developer light 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update18", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "tiered storage manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "ucosminexus application server standard 06-72-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-00(x64))" }, { "model": "interstage application server enterprise edition 9.1.0b", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.28" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.20" }, { "model": "identity manager roles based provisioning module", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.7" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "tivoli federated identity manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1.2" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "interstage application server enterprise edition b", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0.1" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "tivoli federated identity manager", "scope": null, "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "ucosminexus developer professional 06-71-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.20" }, { "model": "cognos controller", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "job management partner 1/automatic job management system web", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "3-0" }, { "model": "ucosminexus developer standard 06-70-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "identity manager", "scope": "eq", "trust": 0.3, "vendor": "novell", "version": "3.6.1" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50-01" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5.0" }, { "model": "it operations director", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-50-07" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.112" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0" }, { "model": "vcenter update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.01" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.6" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.401" }, { "model": "cosminexus developer standard 06-00-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer standard 06-02-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus developer professional 06-70-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netview for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.2.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.122" }, { "model": "tivoli application dependency discovery manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.2" }, { "model": "hp-ux web server suite", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "3.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.7" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.4" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0-06(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.32" }, { "model": "ucosminexus developer standard 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.6" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.24" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "jndi/ldap", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.2" }, { "model": "db2 fix pack 6a", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-60" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.2" }, { "model": "cosminexus developer professional 06-02-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "4" }, { "model": "db2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.5" }, { "model": "tru64 unix 5.1b-5", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.7" }, { "model": "cognos powerplay", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jp1/hicommand provisioning manager )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer standard 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.25" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-72(*1)" }, { "model": "ucosminexus application server enterprise 06-70-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "cosminexus application server enterprise 06-51-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.10" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.9" }, { "model": "cognos executive viewer", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.13" }, { "model": "cognos real-time monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "cosminexus server web edition 04-01-/a", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server sp2", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer light 06-71-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-08-11-01" }, { "model": "interstage service integrator enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "tivoli access manager for e-business", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jre 27", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.2" }, { "model": "cosminexus developer light 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli monitoring", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2.1" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-08" }, { "model": "tivoli directory server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "2.1-1" }, { "model": "cosminexus developer professional 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "open-enterprise-server", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "0" }, { "model": "tiered storage manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cosminexus application server enterprise 06-50-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "global link manager software", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.6-00" }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus developer light 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update14", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "cosminexus application server 05-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.5" }, { "model": "tivoli directory server 6.2.0.3-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "reflection for secure it unix client sp1", "scope": "ne", "trust": 0.3, "vendor": "attachmate", "version": "7.2" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.121" }, { "model": "processing kit for xml 02-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 02-00-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "cosminexus developer professional 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-70-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server standard 06-72-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "device manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.28" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-00" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1.1-03(x64))" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-02" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-06" }, { "model": "cosminexus developer standard 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-53" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "cognos banking risk performance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-12" }, { "model": "reflection for secure it unix client sp1", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "7.0" }, { "model": "ucosminexus developer standard 06-71-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.3" }, { "model": "jre 004", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.2" }, { "model": "cosminexus developer standard 06-51-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "virtualcenter update 6a", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "2.5" }, { "model": "websphere datapower xc10 appliance", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.0" }, { "model": "cosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "cosminexus developer 05-00-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-10" }, { "model": "tivoli storage productivity center for replication", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "4.2.1.4" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "tiered storage manager software (linux(rhel", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "device manager software (linux(rhel", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "7.1.0-00" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "reflection for the web r3 build", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "2008527" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "processing kit for xml 02-05-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.3" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6" }, { "model": "tivoli federated identity manager", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "6.2.14" }, { "model": "jre 1.5.0 09", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "03-50" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.10" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "jp1/cm2/snmp system observer )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-00" }, { "model": "business availability center", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.55" }, { "model": "jp1/hicommand tiered storage manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.0.3" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "tivoli netcool performance manager for wireless", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.1.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-90" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "jp1/cm2/network node manager i advanced", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.7" }, { "model": "systems insight manager update", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.31" }, { "model": "cosminexus application server 05-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus developer standard 06-71-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.26" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10" }, { "model": "ucosminexus application server standard 06-70-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer 05-05-/m", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "global link manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "sdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4.223" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.123" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "5.0.1" }, { "model": "ucosminexus application server enterprise 06-72-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server standard 06-50-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jre 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.72" }, { "model": "provisioning manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "vcenter update manager update", "scope": "ne", "trust": 0.3, "vendor": "vmware", "version": "4.12" }, { "model": "jdk 05", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "ucosminexus application server standard 06-71-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml 01-05-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-09" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "cosminexus developer standard 06-00-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer professional 06-51-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.116" }, { "model": "jp1/cm2/network node manager starter ed enterprise solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00-03" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "ucosminexus application server enterprise hp-ux", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "cosminexus client 06-02-/g", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk update16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "jp1/cm2/network node manager starter edition )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.0-00" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "tiered storage manager software (linux(sles", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.3" }, { "model": "sdk .0 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.4" }, { "model": "cosminexus developer professional 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "device manager software (linux(sles", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.0.1-02" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.0.4" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-01" }, { "model": "cosminexus developer light 06-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli netcool performance manager", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "enterprise linux as for sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "5" }, { "model": "db2 fixpak", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.54" }, { "model": "cosminexus developer standard 06-02-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-03(x64))" }, { "model": "cosminexus developer standard 06-51-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-51" }, { "model": "tivoli composite application manager for websphere", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.2" }, { "model": "system storage ds8700", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-10" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.33" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "interstage service integrator enterprise edition 9.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard 06-51-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli directory server 6.3.0.0-tiv-itds-if0", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "jre .0 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "cosminexus developer standard 06-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos business viewpoint", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "10.0" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.113" }, { "model": "websphere datapower xc10 appliance", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "1.0.0.5" }, { "model": "cosminexus application server enterprise 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.14" }, { "model": "tivoli integrated portal", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.1.114" }, { "model": "systems insight manager sp2", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "jdk 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "cosminexus developer professional 06-50-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-01-/i", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "interstage software quality analyzer 10.0.0a", "scope": null, "trust": 0.3, "vendor": "fujitsu", "version": null }, { "model": "cosminexus application server standard )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-02" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-02" }, { "model": "cognos tm1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.0" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-00-05" }, { "model": "cosminexus application server 05-00-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "it operations analyzer", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "02-53-01" }, { "model": "cosminexus developer professional 06-50-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/integrated management service support", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.15" }, { "model": "jdk 003", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.1.8" }, { "model": "cosminexus application server 05-01-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cognos decisionstream", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-10-01" }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-60" }, { "model": "jp1/hicommand tuning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-00" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.0.34" }, { "model": "jp1/automatic job management system web operation assistant", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "2-0" }, { "model": "cosminexus application server 05-01-/l", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "infosphere information server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.5" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.25" }, { "model": "jre 19", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.1" }, { "model": "ucosminexus application server standard 06-70-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "reflection for secure it windows server", "scope": "eq", "trust": 0.3, "vendor": "attachmate", "version": "6.0" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-02" }, { "model": "tuning manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "7.001" }, { "model": "rational clearquest", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0.13" }, { "model": "cics transaction gateway", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1" }, { "model": "cosminexus application server 05-00-/o", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/h", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.402" }, { "model": "tuning manager software )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.0" }, { "model": "systems insight manager sp6", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-20-01" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "cognos business intelligence", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "8.0" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.00" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-03-03" }, { "model": "ucosminexus developer light 06-71-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server enterprise 06-51-/j", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/cm2/network node manager starter edition pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "25008-00-03" }, { "model": "websphere application server", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "jdk 1.5.0 07-b03", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus application server standard 06-51-/b (linux(", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server standard 06-50-/b )", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "jre 16", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.1" }, { "model": "jp1/cm2/network node manager starter ed enterprise (hp-ux(pa-risc", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "08-00" }, { "model": "cosminexus application server 05-05-/n", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.8" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-07" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "7.0.6" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jboss enterprise portal platform 4.3.cp06", "scope": null, "trust": 0.3, "vendor": "redhat", "version": null }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "06-70" }, { "model": "enterprise linux sap", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "1.3" }, { "model": "jp1/hicommand provisioning manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "cosminexus developer standard 06-02-/a", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-05-/p", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jp1/hicommand replication monitor", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-50" }, { "model": "jre 03", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3" }, { "model": "tivoli netview", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.5" }, { "model": "cosminexus developer professional 06-51-/b", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tivoli common reporting", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "2.1" }, { "model": "openvms secure web server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.2-2" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.0" }, { "model": "cosminexus application server enterprise 06-51-/f", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus application server 05-00-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "replication manager software", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.1-01" }, { "model": "cosminexus developer 05-05-/k", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "cosminexus server web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-04-00" }, { "model": "jp1/hicommand global link availability manager", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "05-04" }, { "model": "cosminexus developer light 06-50-/d", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.5.1" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.29" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.2.1" }, { "model": "jdk update22", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "rational clearcase", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.1.4" }, { "model": "ucosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-09" }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.109" }, { "model": "jdk update15", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.5.0" }, { "model": "systems insight manager", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "cosminexus developer 05-01-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "6.0.11" }, { "model": "jboss enterprise web platform for rhel 4es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "cosminexus developer 05-01-/e", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "jdk", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.3.110" }, { "model": "enterprise linux desktop workstation client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "provisioning manager software (solaris(sp", "scope": "ne", "trust": 0.3, "vendor": "hitachi", "version": "6.4.0-08" }, { "model": "jdk 1.4.2 10", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer standard 06-02-/c", "scope": null, "trust": 0.3, "vendor": "hitachi", "version": null }, { "model": "esx update", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.11" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.0.28" }, { "model": "device manager software (solaris", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "6.2-00(x64))" }, { "model": "tomcat", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "5.5.10" }, { "model": "db2 fixpack", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "9.57" }, { "model": "it operations analyzer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "02-01" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "07-50-01" } ], "sources": [ { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:hp:systems_insight_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:ibm_forms", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_expeditor", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_quickr", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:ibm_mashup_center", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_dashboard_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_activeinsight", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_connections", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_mashups", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_advanced", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_standard", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_sametime_unified_telephony", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_web_content_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:lotus_workforce_management", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:websphere_portlet_factory", "vulnerable": true }, { "cpe22Uri": "cpe:/a:ibm:workplace_web_content_management", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "HP", "sources": [ { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" } ], "trust": 0.6 }, "cve": "CVE-2010-4476", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2010-4476", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000018", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000017", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "Single", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 4.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000016", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2011-000020", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2010-4476", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2011-000018", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000017", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000016", "trust": 0.8, "value": "Medium" }, { "author": "NVD", "id": "CVE-2010-4476", "trust": 0.8, "value": "Medium" }, { "author": "IPA", "id": "JVNDB-2011-000020", "trust": 0.8, "value": "Medium" }, { "author": "VULMON", "id": "CVE-2010-4476", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Double.parseDouble method in Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier, as used in OpenJDK, Apache, JBossweb, and other products, allows remote attackers to cause a denial of service via a crafted string that triggers an infinite loop of estimations during conversion to a double-precision binary floating-point number, as demonstrated using 2.2250738585072012e-308. IBM WebSphere Application Server (WAS) contains a denial-of-service (DoS) vulnerability. IBM WebSphere Application Server contains a denial-of-service (DoS) vulnerability due to an issue in Java Runtime Environment (JRE). According to the developer: \" For other IBM software products that contain an affected version of WAS, require an update. Specifically, WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), WebSphere Virtual Enterprise (WVE), WebSphere Commerce and others are applicable. Also, IBM HTTP Server is not affected by this vulnerability.\"A remote attacker may cause a denial-of-service (DoS). plural Oracle Product Java Runtime Environment Components include Java language and APIs There are vulnerabilities that affect availability due to flaws in the handling of.Service disruption by a third party (DoS) An attack may be carried out. A wide range of products are affected. Oracle Java is prone to a remote denial-of-service vulnerability. \nSuccessful attacks will cause applications written in Java to hang, creating a denial-of-service condition. \nHP OpenVMS running J2SE 1.42 on Alpha platforms: v 1.42-9 and earlier. \nHP OpenVMS running J2SE 1.42 on I64 platforms: v 1.42-6 and earlier. \nHP OpenVMS running J2SE 5.0 on Alpha platforms: v 1.50-7 and earlier. \nHP OpenVMS running J2SE 5.0 on I64 platforms: v 1.50-6 and earlier. \nHP OpenVMS running Java SE 6 on Alpha and I64 platforms: v 6.0-2 and earlier. \nThe updates are available from: http://www.hp.com/go/java\n\nThese issues are addressed in the following versions of the HP Java:\n\nHP-UX B.11.11 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.23 / SDK and JRE v1.4.2.28 or subsequent\n\nHP-UX B.11.31 / SDK and JRE v1.4.2.28 or subsequent\n\nMANUAL ACTIONS: Yes - Update\n\nFor Java v1.4.2.27 and earlier, update to Java v1.4.2.28 or subsequent. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n _______________________________________________________________________\n\n Mandriva Linux Security Advisory MDVSA-2011:054\n http://www.mandriva.com/security/\n _______________________________________________________________________\n\n Package : java-1.6.0-openjdk\n Date : March 27, 2011\n Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0\n _______________________________________________________________________\n\n Problem Description:\n\n Multiple vulnerabilities has been identified and fixed in\n java-1.6.0-openjdk:\n \n The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7,\n 1.8 before 1.8.4, and 1.9 before 1.9.4 for Java OpenJDK returns from\n the checkPermission method instead of throwing an exception in certain\n circumstances, which might allow context-dependent attackers to bypass\n the intended security policy by creating instances of ClassLoader\n (CVE-2010-4351). NOTE: the\n previous information was obtained from the February 2011 CPU. Oracle\n has not commented on claims from a downstream vendor that this issue\n involves DNS cache poisoning by untrusted applets. NOTE: the previous information was\n obtained from the February 2011 CPU. Oracle has not commented on claims\n from a downstream vendor that this issue is an untrusted search path\n vulnerability involving an empty LD_LIBRARY_PATH environment variable\n (CVE-2010-4450). NOTE: the previous information was obtained from the\n February 2011 CPU. Oracle has not commented on claims from a downstream\n vendor that this issue is related to the lack of framework support by\n AWT event dispatch, and/or clipboard access in Applets. NOTE: the previous information was obtained from\n the February 2011 CPU. Oracle has not commented on claims from a\n downstream vendor that this issue is heap corruption related to the\n Verifier and backward jsrs. NOTE: the previous information\n was obtained from the February 2011 CPU. Oracle has not commented on\n claims from a downstream vendor that this issue is related to Features\n set on SchemaFactory not inherited by Validator. NOTE: the previous information\n was obtained from the February 2011 CPU. Oracle has not commented\n on claims from a downstream vendor that this issue is related to the\n exposure of system properties via vectors related to Font.createFont\n and exception text (CVE-2010-4471). NOTE: the previous\n information was obtained from the February 2011 CPU. Oracle has\n not commented on claims from a downstream vendor that this issue\n involves the replacement of the XML DSig Transform or C14N algorithm\n implementations. \n \n IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5\n does not properly verify signatures for JAR files that (1) are\n partially signed or (2) signed by multiple entities, which allows\n remote attackers to trick users into executing code that appears to\n come from a trusted source (CVE-2011-0025). \n \n The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in\n OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain\n privileges via unknown vectors related to multiple signers and the\n assignment of an inappropriate security descriptor. (CVE-2011-0706)\n \n Additionally the java-1.5.0-gcj packages were not rebuilt with the\n shipped version on GCC for 2009.0 and Enterprise Server 5 which\n caused problems while building the java-1.6.0-openjdk updates,\n therefore rebuilt java-1.5.0-gcj packages are being provided with\n this advisory as well. \n \n Packages for 2009.0 are provided as of the Extended Maintenance\n Program. Please visit this link to learn more:\n http://store.mandriva.com/product_info.php?cPath=149\u0026amp;products_id=490\n \n The updated packages have been patched to correct this issue. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4351\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4448\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4450\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4465\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4470\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4471\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4472\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4476\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0025\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0706\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2009.0:\n cfea90f1f20d28bf5a2f628e0a910eaa 2009.0/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d3188bf2f1da126b4d04e920e331d831 2009.0/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 1b4994018478f335d49531d9d5e60642 2009.0/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n 078af1b826c27ea3c7befc88ace7ebd5 2009.0/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.i586.rpm\n d1c6cba2035f8eada4e351310ebf7be2 2009.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 8b53c26f88092819346654a339b44622 2009.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n fc8af257ef8db0d37f3bfff954740c0b 2009.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 6cd5f5cdb27e4c8936292aef0aa5010c 2009.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 03fdab84535710ac263c08b3870cb062 2009.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.i586.rpm\n 0232ce60d1d6e1072e50a13f2b416fcc 2009.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.i586.rpm \n fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 5728fe31661213beab52fe97f9af91ad 2009.0/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n bd5a2a20d168ddcebe29bb109fea38c2 2009.0/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n a37818a53a8dbfa85d82bcf3bf83e08f 2009.0/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n ed9d1baa365606c512783863da3e0bd8 2009.0/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdv2009.0.x86_64.rpm\n b5e70c75ecc67f8f1f7f22ca55059a8b 2009.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 071df613e884a9faf3525661280b19d6 2009.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n 81b79e0a8ae29c5bcff3fa6872ad52e9 2009.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n b5818cbad798514f02ee26c346d1e077 2009.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d80e3970d9279df1f9dddd46bcb01380 2009.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm\n d72298b296819ab6791e28449d3cf475 2009.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2009.0.x86_64.rpm \n fc94465e0b7e5fe50095c15726d38699 2009.0/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 79aa73d85fe13e803173a9c520ac1bd8 2009.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2010.0:\n bbe3a5e4538edd269e8e8c846d02ec50 2010.0/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 825fa39b02a627993df166acad99e002 2010.0/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n b30390e1d4457964f60630c95b36e768 2010.0/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f6123d9a0852fabdf596850979b58e4d 2010.0/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n f2ec2f80944f1f401154d2fb2c2ad64d 2010.0/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.i586.rpm\n 68ed360de6ee490d80906fd561459faa 2010.0/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.i586.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 11e65a4c18288572327dd4c4f8841f94 2010.0/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 58bdac45685c3146adb44cb2c006811f 2010.0/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n e9dfc0bd42192c92b2a788809226ff27 2010.0/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n afcef69bfa7804c70df2684b2ed19634 2010.0/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n 64ea6c5ab1b71b8a0f163aa1f7581c69 2010.0/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm\n beb768b3e0714331050baf31a8e88bc9 2010.0/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.0.x86_64.rpm \n f7cb05087b53d464084c1d9975f914b1 2010.0/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.0.src.rpm\n\n Mandriva Linux 2010.1:\n c2736e4b08921bb5de8dbad3e13bb988 2010.1/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 884207fa52ea3e168710dfb3988229d5 2010.1/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n a0d0a86bbc5dcc9d2eff2dc2e14ae083 2010.1/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n dc1dd774b5eb1efb1a785b0ff4bc8f94 2010.1/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n 41cffbd28ed3d467e465328d8369116a 2010.1/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.i586.rpm\n ae4064b170d4e2fcd0b4949cd53af79e 2010.1/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.i586.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Linux 2010.1/X86_64:\n 556d72a8cf60df24274bb49938a2791c 2010.1/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n e7e183d456383ad562cdb9da84e0f899 2010.1/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 035fccb2950b8a87cd4b597c866d5831 2010.1/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n a76c326c10b87a62be32100d0eddd75f 2010.1/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 09ad2b77e3c48b3e16010c8c93fa8f9b 2010.1/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm\n 042beb49ddd872902a8faea3e425b792 2010.1/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdv2010.2.x86_64.rpm \n f44cc336bcd85dbfd7c589b1b34e1907 2010.1/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdv2010.2.src.rpm\n\n Mandriva Enterprise Server 5:\n 2bf537286d1406c491061e07a73c96ec mes5/i586/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fb125806cc547d2c69cf13ae67c835d5 mes5/i586/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 657a9fb9b644be8f8a49442a8210d56a mes5/i586/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n fff64cbf465a2a701c248ad5cc4c89c6 mes5/i586/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.i586.rpm\n 8ba9fe5adad781d341ba764b661c8c92 mes5/i586/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 75de95d6064fe9d552795deb0768dfca mes5/i586/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 9f5ccbfff9afb405baadfc67f8173617 mes5/i586/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 70de70d7adaccff5397814d31bd51a96 mes5/i586/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n 94b138e8a423f2f8c2ad137577bb4d42 mes5/i586/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm\n fd7dc4b050b6e07ea7686a72c2704ccd mes5/i586/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.i586.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 11c7cdc078dcd9cf30e818f4fb4c4e1f mes5/x86_64/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 6c6185f429a1672255e30cf00c2af065 mes5/x86_64/java-1.5.0-gcj-devel-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n f194361aa7a5cfeec17745f0ee158962 mes5/x86_64/java-1.5.0-gcj-javadoc-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 7d2679d156a618d7ba847ba2ebcede4b mes5/x86_64/java-1.5.0-gcj-src-1.5.0.0-17.1.7.1mdvmes5.2.x86_64.rpm\n 8ae3d0065764f69d1546a61b895a4244 mes5/x86_64/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 8ef4ab6f5f8f421c1b36dfae807350a5 mes5/x86_64/java-1.6.0-openjdk-demo-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n d504a7493fc86d5750c849f738bb6167 mes5/x86_64/java-1.6.0-openjdk-devel-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3c044a087cc5225fd9ad138dcea5fa7d mes5/x86_64/java-1.6.0-openjdk-javadoc-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n b89fa5785567340525aa5b57c8b9440c mes5/x86_64/java-1.6.0-openjdk-plugin-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm\n 3dc504dbf7161b1026bf41298118a819 mes5/x86_64/java-1.6.0-openjdk-src-1.6.0.0-7.b18.5mdvmes5.2.x86_64.rpm \n 2899dfa5a7491a13e85736bf588913d9 mes5/SRPMS/java-1.5.0-gcj-1.5.0.0-17.1.7.1mdv2009.0.src.rpm\n 4fc6e8041b5a93a3a71082fb1cbead26 mes5/SRPMS/java-1.6.0-openjdk-1.6.0.0-7.b18.5mdvmes5.2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFNj4A1mqjQ0CJFipgRAqd9AKDH+zN9xFfcPlQmGWMRSOqb+xjI4QCfbvvt\nDHgr6vgcxh6XXAElZkDBIws=\n=7L47\n-----END PGP SIGNATURE-----\n. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nApache Tomcat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43198\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43198/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nRELEASE DATE:\n2011-02-07\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43198/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43198/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Apache Tomcat, which\ncan be exploited by malicious, local users to bypass certain security\nrestrictions and by malicious people to conduct cross-site scripting\nattacks and cause a DoS (Denial of Service). \n\n1) An error due to the \"ServletContect\" attribute improperly being\nrestricted to read-only when running under a SecurityManager can be\nexploited by a malicious web application to use an arbitrary working\ndirectory with read-write privileges. \n\n2) Certain input (e.g. display names) is not properly sanitised in\nthe HTML Manager interface before being returned to the user. This\ncan be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n3) An error within the JVM when accessing a page that calls\n\"javax.servlet.ServletRequest.getLocale()\" or\n\"javax.servlet.ServletRequest.getLocales()\" functions can be\nexploited to cause the process to hang via a web request containing\nspecially crafted headers (e.g. \"Accept-Language\"). \n\nThis vulnerability is reported in versions prior to 5.5.33. \n\nPROVIDED AND/OR DISCOVERED BY:\n1, 2) Reported by the vendor. \n3) Konstantin Preiber\n\nORIGINAL ADVISORY:\nApache Tomcat:\nhttp://tomcat.apache.org/security-5.html\nhttp://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html\n\nKonstantin Preiber:\nhttp://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Such input strings represent valid\nnumbers and can be contained in data supplied by an attacker over the\nnetwork, leading to a denial-of-service attack. \n\nFor the old stable distribution (lenny), this problem has been fixed\nin version 6b18-1.8.3-2~lenny1. \n\nNote that this update introduces an OpenJDK package based on the\nIcedTea release 1.8.3 into the old stable distribution. This\naddresses several dozen security vulnerabilities, most of which are\nonly exploitable by malicious mobile code. A notable exception is\nCVE-2009-3555, the TLS renegotiation vulnerability. This update\nimplements the protocol extension described in RFC 5746, addressing\nthis issue. \n\nThis update also includes a new version of Hotspot, the Java virtual\nmachine, which increases the default heap size on machines with\nseveral GB of RAM. If you run several JVMs on the same machine, you\nmight have to reduce the heap size by specifying a suitable -Xmx\nargument in the invocation of the \"java\" command. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c02729756\nVersion: 1\n\nHPSBUX02633 SSRT100387 rev.1 - HP-UX running Java, Remote Denial of Service (DoS)\n\nNOTICE: The information in this Security Bulletin should be acted upon as soon as possible. \n\nRelease Date: 2011-02-23\nLast Updated: 2011-02-23\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential vulnerability has been identified with HP-UX running Java. The vulnerability could be remotely exploited to create a Denial of Service (DoS). \n\nReferences: CVE-2010-4476\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nAny version of Java running on HP-UX 11.11, HP-UX 11.23, or HP-UX 11.31. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2010-4476 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has made the following software tool available to resolve the vulnerability. This tool can be used to update all versions of HP-UX Java. \n\nTo download the FPUpdater tool, go to https://www.hp.com/go/java then click on the link for the FPUpdater tool\n\nAn HP Passport user ID is required to download the FPUpdater tool and its Readme file. For information on registering for an HP Passport user ID, refer to: https://passport2.hp.com\n\nMANUAL ACTIONS: Yes - Update\n\nUpdate using FPUpdater\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\nHP-UX B.11.23\nHP-UX B.11.31\n===========\naction: update using FPUpdater if Java is installed\n\nEND AFFECTED VERSIONS\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nHISTORY\nVersion:1 (rev.1) - 23 February 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2011 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (GNU/Linux)\n\niEYEARECAAYFAk1sQl4ACgkQ4B86/C0qfVkZoACg+A0Nrllhsgj+ZNVRWBJtSGg0\n+McAoLe5aV6VZ16dYIp6IG59vPG8unq8\n=sL4p\n-----END PGP SIGNATURE-----\n. Customers should open a support case to request the\nfollowing hotfixes. \n\nNNMi Version / Operating System\n Required Patch\n Hotfix\n\n9.1x HP-UX\n Patch 4\n Hotfix-NNMi-9.1xP4-HP-UX-JDK-20120710.zip\n\n9.1x Linux\n Patch 4\n Hotfix-NNMi-9.1xP4-Linux-JDK-20120523.zip\n\n9.1x Solaris\n Patch 4\n Hotfix-NNMi-9.1xP4-Solaris-JDK-20120523.zip\n\n9.1x Windows\n Patch 4\n Hotfix-NNMi-9.1xP4-Windows-JDK-20120523.zip\n\nNote: The hotfix must be installed after the required patch. The hotfix must\nbe reinstalled if the required patch is reinstalled. \n\nMANUAL ACTIONS: Yes - Update\n\nInstall the applicable patch and hotfix. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201111-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: November 05, 2011\n Bugs: #340421, #354213, #370559, #387851\n ID: 201111-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jre-bin \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 2 app-emulation/emul-linux-x86-java\n \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n 3 dev-java/sun-jdk \u003c 1.6.0.29 \u003e= 1.6.0.29 *\n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 3 affected packages\n -------------------------------------------------------------------\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below and\nthe associated Oracle Critical Patch Update Advisory for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jdk-1.6.0.29\"\n\nAll Oracle JRE 1.6 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-java/sun-jre-bin-1.6.0.29\"\n\nAll users of the precompiled 32-bit Oracle JRE 1.6 should upgrade to\nthe latest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.6.0.29\"\n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \nThis limitation is not present on a non-fetch restricted implementation\nsuch as dev-java/icedtea-bin. \n\nReferences\n==========\n\n[ 1 ] CVE-2010-3541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3541\n[ 2 ] CVE-2010-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3548\n[ 3 ] CVE-2010-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3549\n[ 4 ] CVE-2010-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3550\n[ 5 ] CVE-2010-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3551\n[ 6 ] CVE-2010-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3552\n[ 7 ] CVE-2010-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3553\n[ 8 ] CVE-2010-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3554\n[ 9 ] CVE-2010-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3555\n[ 10 ] CVE-2010-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3556\n[ 11 ] CVE-2010-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3557\n[ 12 ] CVE-2010-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3558\n[ 13 ] CVE-2010-3559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3559\n[ 14 ] CVE-2010-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3560\n[ 15 ] CVE-2010-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3561\n[ 16 ] CVE-2010-3562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3562\n[ 17 ] CVE-2010-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3563\n[ 18 ] CVE-2010-3565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3565\n[ 19 ] CVE-2010-3566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3566\n[ 20 ] CVE-2010-3567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3567\n[ 21 ] CVE-2010-3568\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3568\n[ 22 ] CVE-2010-3569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3569\n[ 23 ] CVE-2010-3570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3570\n[ 24 ] CVE-2010-3571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3571\n[ 25 ] CVE-2010-3572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3572\n[ 26 ] CVE-2010-3573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3573\n[ 27 ] CVE-2010-3574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3574\n[ 28 ] CVE-2010-4422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4422\n[ 29 ] CVE-2010-4447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4447\n[ 30 ] CVE-2010-4448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4448\n[ 31 ] CVE-2010-4450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4450\n[ 32 ] CVE-2010-4451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4451\n[ 33 ] CVE-2010-4452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4452\n[ 34 ] CVE-2010-4454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4454\n[ 35 ] CVE-2010-4462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4462\n[ 36 ] CVE-2010-4463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4463\n[ 37 ] CVE-2010-4465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4465\n[ 38 ] CVE-2010-4466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4466\n[ 39 ] CVE-2010-4467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4467\n[ 40 ] CVE-2010-4468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4468\n[ 41 ] CVE-2010-4469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4469\n[ 42 ] CVE-2010-4470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4470\n[ 43 ] CVE-2010-4471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4471\n[ 44 ] CVE-2010-4472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4472\n[ 45 ] CVE-2010-4473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4473\n[ 46 ] CVE-2010-4474\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4474\n[ 47 ] CVE-2010-4475\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4475\n[ 48 ] CVE-2010-4476\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4476\n[ 49 ] CVE-2011-0802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0802\n[ 50 ] CVE-2011-0814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0814\n[ 51 ] CVE-2011-0815\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0815\n[ 52 ] CVE-2011-0862\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0862\n[ 53 ] CVE-2011-0863\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0863\n[ 54 ] CVE-2011-0864\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0864\n[ 55 ] CVE-2011-0865\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0865\n[ 56 ] CVE-2011-0867\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0867\n[ 57 ] CVE-2011-0868\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0868\n[ 58 ] CVE-2011-0869\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0869\n[ 59 ] CVE-2011-0871\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0871\n[ 60 ] CVE-2011-0872\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0872\n[ 61 ] CVE-2011-0873\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0873\n[ 62 ] CVE-2011-3389\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3389\n[ 63 ] CVE-2011-3516\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3516\n[ 64 ] CVE-2011-3521\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3521\n[ 65 ] CVE-2011-3544\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3544\n[ 66 ] CVE-2011-3545\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3545\n[ 67 ] CVE-2011-3546\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3546\n[ 68 ] CVE-2011-3547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3547\n[ 69 ] CVE-2011-3548\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3548\n[ 70 ] CVE-2011-3549\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3549\n[ 71 ] CVE-2011-3550\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3550\n[ 72 ] CVE-2011-3551\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3551\n[ 73 ] CVE-2011-3552\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3552\n[ 74 ] CVE-2011-3553\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3553\n[ 75 ] CVE-2011-3554\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3554\n[ 76 ] CVE-2011-3555\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3555\n[ 77 ] CVE-2011-3556\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3556\n[ 78 ] CVE-2011-3557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3557\n[ 79 ] CVE-2011-3558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3558\n[ 80 ] CVE-2011-3560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3560\n[ 81 ] CVE-2011-3561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3561\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201111-02.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-1079-3 March 17, 2011\nopenjdk-6b18 vulnerabilities\nCVE-2010-4448, CVE-2010-4450, CVE-2010-4465, CVE-2010-4469,\nCVE-2010-4470, CVE-2010-4471, CVE-2010-4472, CVE-2010-4476,\nCVE-2011-0706\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 10.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 10.10:\n icedtea6-plugin 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre 6b18-1.8.7-0ubuntu2.1\n openjdk-6-jre-headless 6b18-1.8.7-0ubuntu2.1\n\nAfter a standard system update you need to restart any Java services,\napplications or applets to make all the necessary changes. \n\nDetails follow:\n\nUSN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel (ARM)\narchitectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes\nvulnerabilities in OpenJDK 6 for armel (ARM) architectures for Ubuntu\n10.10. \n\nOriginal advisory details:\n\n It was discovered that untrusted Java applets could create domain\n name resolution cache entries, allowing an attacker to manipulate\n name resolution within the JVM. (CVE-2010-4448)\n \n It was discovered that the Java launcher did not did not properly\n setup the LD_LIBRARY_PATH environment variable. (CVE-2010-4450)\n \n It was discovered that within the Swing library, forged timer events\n could allow bypass of SecurityManager checks. This could allow an\n attacker to access restricted resources. (CVE-2010-4465)\n \n It was discovered that certain bytecode combinations confused memory\n management within the HotSpot JVM. This could allow an attacker to\n cause a denial of service through an application crash or possibly\n inject code. (CVE-2010-4469)\n \n It was discovered that the way JAXP components were handled\n allowed them to be manipulated by untrusted applets. An attacker\n could use this to bypass XML processing restrictions and elevate\n privileges. (CVE-2010-4470)\n \n It was discovered that the Java2D subcomponent, when processing broken\n CFF fonts could leak system properties. (CVE-2010-4471)\n \n It was discovered that a flaw in the XML Digital Signature\n component could allow an attacker to cause untrusted code to\n replace the XML Digital Signature Transform or C14N algorithm\n implementations. (CVE-2010-4472)\n \n Konstantin Prei\\xdfer and others discovered that specific double literals\n were improperly handled, allowing a remote attacker to cause a denial\n of service. (CVE-2011-0706)\n\n\nUpdated packages for Ubuntu 10.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz\n Size/MD5: 149561 b35ae7a82db49282379d36e7ece58484\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc\n Size/MD5: 3015 04cb459aeaab6c228e722caf07a44de9\n http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz\n Size/MD5: 71430490 b2811b2e53cd9abaad6959d33fe10d19\n\n armel architecture (ARM Architecture):\n\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 377802 d4439da20492eafbccb33e2fe979e8c9\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 78338 7bdf93e00fd81dc82fd0d9a8b4e905c7\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 85497146 1512e0d6563dd5120729cf5b993c618c\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1545620 544c54891d44bdac534c81318a7f2bcb\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 9140042 0a2d6ed937081800baeb6fc55326a754\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 30092886 4cc5ad7c54638278e55ee7d2acaab413\n http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 266102 4278c2c06387cf883325356efda3c4d4\n http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb\n Size/MD5: 1959296 6becfb4d5a2ecbe7aee622b84df57f12\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "BID", "id": "46091" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "99459" } ], "trust": 5.85 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35304", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2010-4476", "trust": 6.4 }, { "db": "SECUNIA", "id": "43295", "trust": 4.3 }, { "db": "SECTRACK", "id": "1025062", "trust": 4.3 }, { "db": "SECUNIA", "id": "43304", "trust": 1.9 }, { "db": "SECUNIA", "id": "43280", "trust": 1.9 }, { "db": "JVN", "id": "JVN97334690", "trust": 1.6 }, { "db": "JVN", "id": "JVN26301278", "trust": 1.6 }, { "db": "JVN", "id": "JVN16308183", "trust": 1.6 }, { "db": "HITACHI", "id": "HS11-003", "trust": 1.4 }, { "db": "BID", "id": "46091", "trust": 1.2 }, { "db": "SECUNIA", "id": "43400", "trust": 1.1 }, { "db": "SECUNIA", "id": "45022", "trust": 1.1 }, { "db": "SECUNIA", "id": "43333", "trust": 1.1 }, { "db": "SECUNIA", "id": "43048", "trust": 1.1 }, { "db": "SECUNIA", "id": "44954", "trust": 1.1 }, { "db": "SECUNIA", "id": "45555", "trust": 1.1 }, { "db": "SECUNIA", "id": "43659", "trust": 1.1 }, { "db": "SECUNIA", "id": "43378", "trust": 1.1 }, { "db": "SECUNIA", "id": "49198", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0605", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0422", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0434", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0365", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0377", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2011-0379", "trust": 1.1 }, { "db": "SECUNIA", "id": "43198", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2011-000018", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000017", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000016", "trust": 0.8 }, { "db": "SECUNIA", "id": "44303", "trust": 0.8 }, { "db": "SECUNIA", "id": "43262", "trust": 0.8 }, { "db": "SECUNIA", "id": "43194", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0405", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0339", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-1051", "trust": 0.8 }, { "db": "VUPEN", "id": "ADV-2011-0294", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001185", "trust": 0.8 }, { "db": "JVN", "id": "JVN81294135", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-000020", "trust": 0.8 }, { "db": "HITACHI", "id": "HS11-009", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-010", "trust": 0.3 }, { "db": "HITACHI", "id": "HS11-008", "trust": 0.3 }, { "db": "EXPLOIT-DB", "id": "35304", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2010-4476", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "106640", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114812", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99459", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98801", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98469", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "101245", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98186", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99798", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112826", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111920", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "id": "VAR-201102-0280", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.28625434666666666 }, "last_update_date": "2024-11-29T19:42:50.109000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HPSBMU02769 SSRT100846", "trust": 4.0, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03298151" }, { "title": "NV18-002", "trust": 4.0, "url": "http://jpn.nec.com/security-info/secinfo/nv18-002.html" }, { "title": "1462019", "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462019" }, { "title": "1462146", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21462146" }, { "title": "1462136", "trust": 0.8, "url": "http://www.ibm.com/support/docview.wss?uid=swg21462136" }, { "title": "PM31983", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM31983" }, { "title": "IZ94423", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ94423" }, { "title": "cve-2010-4476", "trust": 0.8, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html" }, { "title": "1469029", "trust": 0.8, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469029" }, { "title": "security-5.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-5.html#Not_a_vulnerability_in_Tomcat" }, { "title": "security-6.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-6.html#Not_a_vulnerability_in_Tomcat" }, { "title": "security-7.html#Not_a_vulnerability_in_Tomcat", "trust": 0.8, "url": "http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat" }, { "title": "1066244", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066244" }, { "title": "1066315", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066315" }, { "title": "1066318", "trust": 0.8, "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1066318" }, { "title": "HT4562", "trust": 0.8, "url": "http://support.apple.com/kb/HT4562" }, { "title": "HT4563", "trust": 0.8, "url": "http://support.apple.com/kb/HT4563" }, { "title": "HT4562", "trust": 0.8, "url": "http://support.apple.com/kb/HT4562?viewlocale=ja_JP" }, { "title": "HT4563", "trust": 0.8, "url": "http://support.apple.com/kb/HT4563?viewlocale=ja_JP" }, { "title": "tomcat5-5.5.23-0jpp.17.0.1.AXS3", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=1382" }, { "title": "HPUXWSATW233", "trust": 0.8, "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW233" }, { "title": "HPUXWSATW315", "trust": 0.8, "url": "https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW315" }, { "title": "HS11-008", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-008/index.html" }, { "title": "HS11-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-009/index.html" }, { "title": "HS11-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-010/index.html" }, { "title": "HS11-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-003/index.html" }, { "title": "HPSBUX02685", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02775276" }, { "title": "HPSBUX02642", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02746026" }, { "title": "HPSBUX02633", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02729756" }, { "title": "HPSBUX02641", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02738573" }, { "title": "HPSBUX02645", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02752210" }, { "title": "HPSBTU02684", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c02826781" }, { "title": "1469482", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482" }, { "title": "1468197", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468197" }, { "title": "javacpufeb2011-304611", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" }, { "title": "cpuapr2011-301950", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "title": "alert-cve-2010-4476-305811", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" }, { "title": "RHSA-2011:0336", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0336.html" }, { "title": "RHSA-2011:0214", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0214.html" }, { "title": "RHSA-2011:0282", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0282.html" }, { "title": "RHSA-2011:0335", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0335.html" }, { "title": "security_alert_for_cve-2010-44", "trust": 0.8, "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" }, { "title": "april_2011_critical_patch_upda", "trust": 0.8, "url": "http://blogs.oracle.com/security/2011/04/april_2011_critical_patch_upda.html" }, { "title": "VMSA-2011-0013", "trust": 0.8, "url": "http://www.vmware.com/jp/support/support-resources/advisories/VMSA-2011-0013.html" }, { "title": "HS11-008", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-008/index.html" }, { "title": "HS11-009", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-009/index.html" }, { "title": "HS11-010", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-010/index.html" }, { "title": "HS11-003", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-003/index.html" }, { "title": "interstage_as_201101", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201101.html" }, { "title": "Denial of Service Security Exposure", "trust": 0.8, "url": "https://www-304.ibm.com/support/docview.wss?uid=wws11f1aa50037313ea7852578450082883b" }, { "title": "Debian Security Advisories: DSA-2161-1 openjdk-6 -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=8a0fbd8ef02c50b965cd7461fe7f588d" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-3" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-1" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1079-2" }, { "title": "VMware Security Advisories: VMware third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=31eb28d4d81f5dda33b13bdc58dfe8fb" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 3.2 }, { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 4.3, "url": "http://secunia.com/advisories/43295" }, { "trust": 4.3, "url": "http://www.securitytracker.com/id?1025062" }, { "trust": 4.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4476" }, { "trust": 4.0, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4476" }, { "trust": 1.9, "url": "http://secunia.com/advisories/43280" }, { "trust": 1.9, "url": "http://secunia.com/advisories/43304" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2011-304611.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html" }, { "trust": 1.4, "url": "http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "trust": 1.4, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs11-003/index.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0214.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm31983" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053926.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2011/dsa-2161" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0282.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43400" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0422" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0211.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94423" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0434" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0213.html" }, { "trust": 1.1, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468358" }, { "trust": 1.1, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-february/053934.html" }, { "trust": 1.1, "url": "http://www13.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715\u0026admit=109447627+1298159618320+28353475" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0365" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43378" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0379" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0212.html" }, { "trust": 1.1, "url": "http://blogs.oracle.com/security/2011/02/security_alert_for_cve-2010-44.html" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0377" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0210.html" }, { "trust": 1.1, "url": "http://blog.fortify.com/blog/2011/02/08/double-trouble" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43048" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43333" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0334.html" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0333.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45555" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 1.1, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0880.html" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130514352726432\u0026w=2" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2011:054" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=131041767210772\u0026w=2" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0605" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129960314701922\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00004.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43659" }, { "trust": 1.1, "url": "http://secunia.com/advisories/44954" }, { "trust": 1.1, "url": "http://secunia.com/advisories/45022" }, { "trust": 1.1, "url": "http://support.novell.com/docs/readmes/infodocument/patchbuilder/readme_5098550.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/49198" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=132215163318824\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136485229118404\u0026w=2" }, { "trust": 1.1, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130270785502599\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497185606818\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133469267822771\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130497132406206\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=129899347607632\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133728004526190\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130168502603566\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19493" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14589" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14328" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12745" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12662" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 0.9, "url": "http://www.securityfocus.com/bid/46091" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4476" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn97334690/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn26301278/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn16308183/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn97334690/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu584356/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn16308183/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/jp/jvn26301278/index.html" }, { "trust": 0.8, "url": "http://jvn.jp/tr/jvntr-2011-02" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43198" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43262" }, { "trust": 0.8, "url": "http://secunia.com/advisories/44303" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43194" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0294" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0339" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/1051" }, { "trust": 0.8, "url": "http://www.vupen.com/english/advisories/2011/0405" }, { "trust": 0.8, "url": "http://jvn.jp/en/jp/jvn81294135/index.html" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468884" }, { "trust": 0.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469222" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24030795" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008129" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21509635" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21468287" }, { "trust": 0.3, "url": "https://h20392.www2.hp.com/portal/swdepot/displayproductinfo.do?productnumber=hpuxfpupdater" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02752210" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03090723\u0026ac.admitted=1321942068127.876444892.492883150" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7009249" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21469285" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201101e.html" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=ssg1s1003877" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg1oa35932" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029090" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/1704.html" }, { "trust": 0.3, "url": "http://java.sun.com" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468728" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032592" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21474615" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029498" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029497" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg24029827" }, { "trust": 0.3, "url": "/archive/1/516213" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469074" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100127618" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100128342" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100131812" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469482" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469001" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469261" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468267" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21508061" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c02906075" }, { "trust": 0.3, "url": "http://www11.itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02720715" }, { "trust": 0.3, "url": "http://itrc.hp.com/service/cki/docdisplay.do?docid=emr_na-c02738573" }, { "trust": 0.3, "url": "http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03358587" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-008/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-009/index.html" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-010/index.html" }, { "trust": 0.3, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/cve-2010-4476.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2a5e8722f285b693586257837004234f7" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas239097234bdef0f0086257837004234ff" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2e3651fd2836659b88625783700423505" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas2bbd9eef75e33a6ec862578370042350b" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas24394745ae41518b88625783700423513" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas274b0e6114eba807a8625783700423519" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=nas22c04013ef2a6aba98625783700423520" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21468291" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1iz94331" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469266" }, { "trust": 0.3, "url": "http://www.ibm.com/support/docview.wss?uid=swg21469046" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469229" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468927" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029823" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468987" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0334.html" }, { "trust": 0.3, "url": "https://rhn.redhat.com/errata/rhsa-2011-0333.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468915" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468912" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21469042" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2566.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2564.html" }, { "trust": 0.3, "url": "http://support.attachmate.com/techdocs/2560.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468521" }, { "trust": 0.3, "url": "http://www.novell.com/support/viewcontent.do?externalid=7008485" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21468705" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=isg400000547" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24033364" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24032885" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029766" }, { "trust": 0.3, "url": "https://www-304.ibm.com/support/docview.wss?uid=swg24029768" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24029502" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4471" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.3, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4472" }, { "trust": 0.3, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.3, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4422" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4454" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0815" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0814" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4462" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0862" }, { "trust": 0.2, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4475" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4473" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4447" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0802" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0706" }, { "trust": 0.2, "url": "https://www.hp.com/go/java" }, { "trust": 0.2, "url": "http://h18012.www1.hp.com/java/alpha/fpupdater_index.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://www.debian.org/security/./dsa-2161" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/35304/" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1079-3/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=22468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4474" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0814" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4451" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3516" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3550" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3550" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4447" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0863" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3558" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3546" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3559" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0867" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4463" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3545" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0802" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201111-02.xml" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0873" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4454" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4474" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4452" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0817" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4468" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4466" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0786" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4463" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0788" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4451" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea-6-jre-cacao_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jdk_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-demo_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre-headless_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/o/openjdk-6b18/openjdk-6b18_6b18-1.8.7-0ubuntu2.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-dbg_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/icedtea6-plugin_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/universe/o/openjdk-6b18/openjdk-6-jre-zero_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/o/openjdk-6b18/openjdk-6-jre_6b18-1.8.7-0ubuntu2.1_armel.deb" }, { "trust": 0.1, "url": "https://passport2.hp.com" }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://www.debian.org/security/" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.1, "url": "http://www.exploringbinary.com/why-volatile-fixes-the-2-2250738585072011e-308-bug/comment-page-1/#comment-4645" }, { "trust": 0.1, "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-02/0075.html" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43198" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/#comments" }, { "trust": 0.1, "url": "http://secunia.com/products/corporate/vim/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://tomcat.apache.org/security-5.html" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43198/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0025" }, { "trust": 0.1, "url": "http://store.mandriva.com/product_info.php?cpath=149\u0026amp;products_id=490" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4448" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0025" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4465" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4470" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4472" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4469" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4450" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4471" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0706" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0865" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0864" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3545" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3560" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3552" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3556" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0867" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0871" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2204" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2902" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3190" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0580" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2693" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0781" }, { "trust": 0.1, "url": "http://h71000.www7.hp.com/openvms/products/ips/apache/csws_java.html" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c02964430" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1184" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-1157" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2729" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2901" } ], "sources": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2010-4476" }, { "db": "BID", "id": "46091" }, { "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "db": "PACKETSTORM", "id": "106640" }, { "db": "PACKETSTORM", "id": "114812" }, { "db": "PACKETSTORM", "id": "99459" }, { "db": "PACKETSTORM", "id": "98801" }, { "db": "PACKETSTORM", "id": "101246" }, { "db": "PACKETSTORM", "id": "98469" }, { "db": "PACKETSTORM", "id": "101245" }, { "db": "PACKETSTORM", "id": "98186" }, { "db": "PACKETSTORM", "id": "99798" }, { "db": "PACKETSTORM", "id": "112826" }, { "db": "PACKETSTORM", "id": "111920" }, { "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-17T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2011-02-01T00:00:00", "db": "BID", "id": "46091" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2011-03-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "date": "2011-03-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "date": "2011-03-10T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2011-11-06T01:01:42", "db": "PACKETSTORM", "id": "106640" }, { "date": "2012-07-17T21:49:22", "db": "PACKETSTORM", "id": "114812" }, { "date": "2011-03-18T21:57:10", "db": "PACKETSTORM", "id": "99459" }, { "date": "2011-03-01T22:06:12", "db": "PACKETSTORM", "id": "98801" }, { "date": "2011-05-09T22:49:19", "db": "PACKETSTORM", "id": "101246" }, { "date": "2011-02-14T21:33:52", "db": "PACKETSTORM", "id": "98469" }, { "date": "2011-05-09T22:46:47", "db": "PACKETSTORM", "id": "101245" }, { "date": "2011-02-07T01:36:02", "db": "PACKETSTORM", "id": "98186" }, { "date": "2011-03-28T18:56:27", "db": "PACKETSTORM", "id": "99798" }, { "date": "2012-05-17T21:16:37", "db": "PACKETSTORM", "id": "112826" }, { "date": "2012-04-17T20:41:11", "db": "PACKETSTORM", "id": "111920" }, { "date": "2011-02-17T19:00:01.900000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2010-4476" }, { "date": "2015-04-13T21:31:00", "db": "BID", "id": "46091" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000018" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000017" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000016" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001185" }, { "date": "2018-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-000020" }, { "date": "2024-11-21T01:21:01.770000", "db": "NVD", "id": "CVE-2010-4476" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IBM Lotus vulnerable to denial-of-service (DoS)", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-000018" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "46091" } ], "trust": 0.3 } }
var-201112-0123
Vulnerability from variot
Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. An attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. Oracle GlassFish Server 3.1.1 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
APPLE-SA-2012-04-03-1 Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now available and addresses the following:
Java Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.3, OS X Lion Server v10.7.3 Impact: Multiple vulnerabilities in Java 1.6.0_29 Description: Multiple vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_31. Further information is available via the Java website at http://www.o racle.com/technetwork/java/javase/releasenotes-136954.html CVE-ID CVE-2011-3563 CVE-2011-5035 CVE-2012-0497 CVE-2012-0498 CVE-2012-0499 CVE-2012-0500 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 CVE-2012-0507
Java for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 may be obtained from the Software Update pane in System Preferences, or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
For Mac OS X v10.6 systems The download file is named: JavaForMacOSX10.6.dmg Its SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667
For OS X Lion systems The download file is named: JavaForOSX.dmg Its SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16
Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org
iQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx VnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh 7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc Fo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA wjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd V7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU= =Pf96 -----END PGP SIGNATURE----- .
Background
IcedTea is a distribution of the Java OpenJDK source code built with free build tools. ============================================================================ Ubuntu Security Notice USN-1373-2 March 01, 2012
openjdk-6b18 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
Summary:
Multiple vulnerabilities in OpenJDK 6 for the ARM architecture have been fixed.
Software Description: - openjdk-6b18: Open Source Java implementation
Details:
USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. This may be increased by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)
It was discovered that an off-by-one error exists in the Java ZIP file processing code. An attacker could us this to cause a denial of service through a maliciously crafted ZIP file. (CVE-2012-0507)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 11.04: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1 icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1
Ubuntu 10.10: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1
Ubuntu 10.04 LTS: icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1 openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1
After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03350339
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03350339 Version: 1
HPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2012-05-30 Last Updated: 2012-05-29
Potential Security Impact: Remote unauthorized access, disclosure of information, and other vulnerabilities
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, disclosure of information, and other vulnerabilities.
References: CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498, CVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503, CVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.23, B.11.31 running HP JDK and JRE 7.0.0
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 CVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0 CVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4 CVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3 CVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5 CVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0507 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following Java version upgrade to resolve these vulnerabilities. The upgrade is available from the following location
http://www.hp.com/go/java
HP-UX B.11.23, B.11.31 JDK and JRE v7.0.01 or subsequent
MANUAL ACTIONS: Yes - Update For Java v7.0.0, update to Java v7.0.01 or subsequent
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.23 HP-UX B.11.31 =========== Jdk70.JDK70-COM Jdk70.JDK70-DEMO Jdk70.JDK70-IPF32 Jdk70.JDK70-IPF64 Jre70.JRE70-COM Jre70.JRE70-IPF32 Jre70.JRE70-IPF32-HS Jre70.JRE70-IPF64 Jre70.JRE70-IPF64-HS action: install revision 1.7.0.01 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 30 May 2012 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Fix in AtomicReferenceArray (CVE-2011-3571).
Multiple unspecified vulnerabilities allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500).
Issues with some KeyboardFocusManager method (CVE-2012-0502).
Issues with TimeZone class (CVE-2012-0503).
Enhance exception throwing mechanism in ObjectStreamClass (CVE-2012-0505).
Issues with some method in corba (CVE-2012-0506). The verification of md5 checksums and GPG signatures is performed automatically for you. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9 NSDNWCT+JqEyYHUExPAwR58= =cwgS -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201401-30
http://security.gentoo.org/
Severity: High Title: Oracle JRE/JDK: Multiple vulnerabilities Date: January 27, 2014 Bugs: #404071, #421073, #433094, #438706, #451206, #455174, #458444, #460360, #466212, #473830, #473980, #488210, #498148 ID: 201401-30
Synopsis
Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact.
Background
The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform).
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-java/sun-jdk <= 1.6.0.45 Vulnerable! 2 dev-java/oracle-jdk-bin < 1.7.0.51 >= 1.7.0.51 * 3 dev-java/sun-jre-bin <= 1.6.0.45 Vulnerable! 4 dev-java/oracle-jre-bin < 1.7.0.51 >= 1.7.0.51 * 5 app-emulation/emul-linux-x86-java < 1.7.0.51 >= 1.7.0.51 * ------------------------------------------------------------------- NOTE: Certain packages are still vulnerable. Users should migrate to another package if one is available or wait for the existing packages to be marked stable by their architecture maintainers. ------------------------------------------------------------------- NOTE: Packages marked with asterisks require manual intervention! ------------------------------------------------------------------- 5 affected packages
Description
Multiple vulnerabilities have been reported in the Oracle Java implementation. Please review the CVE identifiers referenced below for details.
Impact
An unauthenticated, remote attacker could exploit these vulnerabilities to execute arbitrary code. Furthermore, a local or remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code.
Workaround
There is no known workaround at this time.
Resolution
All Oracle JDK 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jdk-bin-1.7.0.51"
All Oracle JRE 1.7 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=dev-java/oracle-jre-bin-1.7.0.51"
All users of the precompiled 32-bit Oracle JRE should upgrade to the latest version:
# emerge --sync # emerge -a -1 -v ">=app-emulation/emul-linux-x86-java-1.7.0.51"
All Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one of the newer Oracle packages like dev-java/oracle-jdk-bin or dev-java/oracle-jre-bin or choose another alternative we provide; eg. the IBM JDK/JRE or the open source IcedTea.
NOTE: As Oracle has revoked the DLJ license for its Java implementation, the packages can no longer be updated automatically.
References
[ 1 ] CVE-2011-3563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563 [ 2 ] CVE-2011-5035 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035 [ 3 ] CVE-2012-0497 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497 [ 4 ] CVE-2012-0498 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498 [ 5 ] CVE-2012-0499 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499 [ 6 ] CVE-2012-0500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500 [ 7 ] CVE-2012-0501 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501 [ 8 ] CVE-2012-0502 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502 [ 9 ] CVE-2012-0503 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503 [ 10 ] CVE-2012-0504 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504 [ 11 ] CVE-2012-0505 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505 [ 12 ] CVE-2012-0506 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506 [ 13 ] CVE-2012-0507 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507 [ 14 ] CVE-2012-0547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547 [ 15 ] CVE-2012-1531 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531 [ 16 ] CVE-2012-1532 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532 [ 17 ] CVE-2012-1533 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533 [ 18 ] CVE-2012-1541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541 [ 19 ] CVE-2012-1682 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682 [ 20 ] CVE-2012-1711 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711 [ 21 ] CVE-2012-1713 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713 [ 22 ] CVE-2012-1716 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716 [ 23 ] CVE-2012-1717 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717 [ 24 ] CVE-2012-1718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718 [ 25 ] CVE-2012-1719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719 [ 26 ] CVE-2012-1721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721 [ 27 ] CVE-2012-1722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722 [ 28 ] CVE-2012-1723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723 [ 29 ] CVE-2012-1724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724 [ 30 ] CVE-2012-1725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725 [ 31 ] CVE-2012-1726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726 [ 32 ] CVE-2012-3136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136 [ 33 ] CVE-2012-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143 [ 34 ] CVE-2012-3159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159 [ 35 ] CVE-2012-3174 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174 [ 36 ] CVE-2012-3213 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213 [ 37 ] CVE-2012-3216 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216 [ 38 ] CVE-2012-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342 [ 39 ] CVE-2012-4416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416 [ 40 ] CVE-2012-4681 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681 [ 41 ] CVE-2012-5067 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067 [ 42 ] CVE-2012-5068 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068 [ 43 ] CVE-2012-5069 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069 [ 44 ] CVE-2012-5070 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070 [ 45 ] CVE-2012-5071 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071 [ 46 ] CVE-2012-5072 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072 [ 47 ] CVE-2012-5073 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073 [ 48 ] CVE-2012-5074 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074 [ 49 ] CVE-2012-5075 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075 [ 50 ] CVE-2012-5076 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076 [ 51 ] CVE-2012-5077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077 [ 52 ] CVE-2012-5079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079 [ 53 ] CVE-2012-5081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081 [ 54 ] CVE-2012-5083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083 [ 55 ] CVE-2012-5084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084 [ 56 ] CVE-2012-5085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085 [ 57 ] CVE-2012-5086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086 [ 58 ] CVE-2012-5087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087 [ 59 ] CVE-2012-5088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088 [ 60 ] CVE-2012-5089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089 [ 61 ] CVE-2013-0169 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169 [ 62 ] CVE-2013-0351 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351 [ 63 ] CVE-2013-0401 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401 [ 64 ] CVE-2013-0402 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402 [ 65 ] CVE-2013-0409 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409 [ 66 ] CVE-2013-0419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419 [ 67 ] CVE-2013-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422 [ 68 ] CVE-2013-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423 [ 69 ] CVE-2013-0430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430 [ 70 ] CVE-2013-0437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437 [ 71 ] CVE-2013-0438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438 [ 72 ] CVE-2013-0445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445 [ 73 ] CVE-2013-0446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446 [ 74 ] CVE-2013-0448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448 [ 75 ] CVE-2013-0449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449 [ 76 ] CVE-2013-0809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809 [ 77 ] CVE-2013-1473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473 [ 78 ] CVE-2013-1479 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479 [ 79 ] CVE-2013-1481 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481 [ 80 ] CVE-2013-1484 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484 [ 81 ] CVE-2013-1485 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485 [ 82 ] CVE-2013-1486 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486 [ 83 ] CVE-2013-1487 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487 [ 84 ] CVE-2013-1488 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488 [ 85 ] CVE-2013-1491 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491 [ 86 ] CVE-2013-1493 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493 [ 87 ] CVE-2013-1500 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500 [ 88 ] CVE-2013-1518 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518 [ 89 ] CVE-2013-1537 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537 [ 90 ] CVE-2013-1540 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540 [ 91 ] CVE-2013-1557 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557 [ 92 ] CVE-2013-1558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558 [ 93 ] CVE-2013-1561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561 [ 94 ] CVE-2013-1563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563 [ 95 ] CVE-2013-1564 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564 [ 96 ] CVE-2013-1569 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569 [ 97 ] CVE-2013-1571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571 [ 98 ] CVE-2013-2383 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383 [ 99 ] CVE-2013-2384 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384 [ 100 ] CVE-2013-2394 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394 [ 101 ] CVE-2013-2400 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400 [ 102 ] CVE-2013-2407 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407 [ 103 ] CVE-2013-2412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412 [ 104 ] CVE-2013-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414 [ 105 ] CVE-2013-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415 [ 106 ] CVE-2013-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416 [ 107 ] CVE-2013-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417 [ 108 ] CVE-2013-2418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418 [ 109 ] CVE-2013-2419 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419 [ 110 ] CVE-2013-2420 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420 [ 111 ] CVE-2013-2421 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421 [ 112 ] CVE-2013-2422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422 [ 113 ] CVE-2013-2423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423 [ 114 ] CVE-2013-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424 [ 115 ] CVE-2013-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425 [ 116 ] CVE-2013-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426 [ 117 ] CVE-2013-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427 [ 118 ] CVE-2013-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428 [ 119 ] CVE-2013-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429 [ 120 ] CVE-2013-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430 [ 121 ] CVE-2013-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431 [ 122 ] CVE-2013-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432 [ 123 ] CVE-2013-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433 [ 124 ] CVE-2013-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434 [ 125 ] CVE-2013-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435 [ 126 ] CVE-2013-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436 [ 127 ] CVE-2013-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437 [ 128 ] CVE-2013-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438 [ 129 ] CVE-2013-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439 [ 130 ] CVE-2013-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440 [ 131 ] CVE-2013-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442 [ 132 ] CVE-2013-2443 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443 [ 133 ] CVE-2013-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444 [ 134 ] CVE-2013-2445 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445 [ 135 ] CVE-2013-2446 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446 [ 136 ] CVE-2013-2447 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447 [ 137 ] CVE-2013-2448 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448 [ 138 ] CVE-2013-2449 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449 [ 139 ] CVE-2013-2450 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450 [ 140 ] CVE-2013-2451 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451 [ 141 ] CVE-2013-2452 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452 [ 142 ] CVE-2013-2453 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453 [ 143 ] CVE-2013-2454 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454 [ 144 ] CVE-2013-2455 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455 [ 145 ] CVE-2013-2456 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456 [ 146 ] CVE-2013-2457 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457 [ 147 ] CVE-2013-2458 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458 [ 148 ] CVE-2013-2459 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459 [ 149 ] CVE-2013-2460 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460 [ 150 ] CVE-2013-2461 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461 [ 151 ] CVE-2013-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462 [ 152 ] CVE-2013-2463 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463 [ 153 ] CVE-2013-2464 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464 [ 154 ] CVE-2013-2465 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465 [ 155 ] CVE-2013-2466 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466 [ 156 ] CVE-2013-2467 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467 [ 157 ] CVE-2013-2468 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468 [ 158 ] CVE-2013-2469 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469 [ 159 ] CVE-2013-2470 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470 [ 160 ] CVE-2013-2471 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471 [ 161 ] CVE-2013-2472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472 [ 162 ] CVE-2013-2473 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473 [ 163 ] CVE-2013-3743 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743 [ 164 ] CVE-2013-3744 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744 [ 165 ] CVE-2013-3829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829 [ 166 ] CVE-2013-5772 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772 [ 167 ] CVE-2013-5774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774 [ 168 ] CVE-2013-5775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775 [ 169 ] CVE-2013-5776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776 [ 170 ] CVE-2013-5777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777 [ 171 ] CVE-2013-5778 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778 [ 172 ] CVE-2013-5780 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780 [ 173 ] CVE-2013-5782 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782 [ 174 ] CVE-2013-5783 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783 [ 175 ] CVE-2013-5784 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784 [ 176 ] CVE-2013-5787 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787 [ 177 ] CVE-2013-5788 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788 [ 178 ] CVE-2013-5789 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789 [ 179 ] CVE-2013-5790 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790 [ 180 ] CVE-2013-5797 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797 [ 181 ] CVE-2013-5800 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800 [ 182 ] CVE-2013-5801 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801 [ 183 ] CVE-2013-5802 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802 [ 184 ] CVE-2013-5803 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803 [ 185 ] CVE-2013-5804 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804 [ 186 ] CVE-2013-5805 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805 [ 187 ] CVE-2013-5806 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806 [ 188 ] CVE-2013-5809 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809 [ 189 ] CVE-2013-5810 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810 [ 190 ] CVE-2013-5812 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812 [ 191 ] CVE-2013-5814 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814 [ 192 ] CVE-2013-5817 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817 [ 193 ] CVE-2013-5818 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818 [ 194 ] CVE-2013-5819 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819 [ 195 ] CVE-2013-5820 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820 [ 196 ] CVE-2013-5823 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823 [ 197 ] CVE-2013-5824 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824 [ 198 ] CVE-2013-5825 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825 [ 199 ] CVE-2013-5829 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829 [ 200 ] CVE-2013-5830 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830 [ 201 ] CVE-2013-5831 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831 [ 202 ] CVE-2013-5832 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832 [ 203 ] CVE-2013-5838 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838 [ 204 ] CVE-2013-5840 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840 [ 205 ] CVE-2013-5842 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842 [ 206 ] CVE-2013-5843 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843 [ 207 ] CVE-2013-5844 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844 [ 208 ] CVE-2013-5846 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846 [ 209 ] CVE-2013-5848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848 [ 210 ] CVE-2013-5849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849 [ 211 ] CVE-2013-5850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850 [ 212 ] CVE-2013-5851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851 [ 213 ] CVE-2013-5852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852 [ 214 ] CVE-2013-5854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854 [ 215 ] CVE-2013-5870 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870 [ 216 ] CVE-2013-5878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878 [ 217 ] CVE-2013-5887 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887 [ 218 ] CVE-2013-5888 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888 [ 219 ] CVE-2013-5889 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889 [ 220 ] CVE-2013-5893 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893 [ 221 ] CVE-2013-5895 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895 [ 222 ] CVE-2013-5896 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896 [ 223 ] CVE-2013-5898 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898 [ 224 ] CVE-2013-5899 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899 [ 225 ] CVE-2013-5902 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902 [ 226 ] CVE-2013-5904 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904 [ 227 ] CVE-2013-5905 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905 [ 228 ] CVE-2013-5906 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906 [ 229 ] CVE-2013-5907 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907 [ 230 ] CVE-2013-5910 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910 [ 231 ] CVE-2014-0368 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368 [ 232 ] CVE-2014-0373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373 [ 233 ] CVE-2014-0375 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375 [ 234 ] CVE-2014-0376 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376 [ 235 ] CVE-2014-0382 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382 [ 236 ] CVE-2014-0385 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385 [ 237 ] CVE-2014-0387 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387 [ 238 ] CVE-2014-0403 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403 [ 239 ] CVE-2014-0408 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408 [ 240 ] CVE-2014-0410 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410 [ 241 ] CVE-2014-0411 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411 [ 242 ] CVE-2014-0415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415 [ 243 ] CVE-2014-0416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416 [ 244 ] CVE-2014-0417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417 [ 245 ] CVE-2014-0418 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418 [ 246 ] CVE-2014-0422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422 [ 247 ] CVE-2014-0423 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423 [ 248 ] CVE-2014-0424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424 [ 249 ] CVE-2014-0428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201401-30.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . ----------------------------------------------------------------------
Secunia is hiring!
Find your next job here:
http://secunia.com/company/jobs/
TITLE: Oracle Multiple Products Web Form Hash Collision Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA47819
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47819
RELEASE DATE: 2012-02-01
DISCUSS ADVISORY: http://secunia.com/advisories/47819/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/47819/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=47819
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in multiple Oracle products, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error within a hash generation function when hashing form posts and updating a hash table.
The vulnerability is reported in the following products: * Oracle Application Server 10g Release 3 version 10.1.3.5.0. * Oracle iPlanet Web Server 7.0. * Oracle iPlanet Web Server (formerly Oracle Java System Web Server) 6.1.
SOLUTION: Apply patch.
Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Important: java-1.6.0-openjdk security update Advisory ID: RHSA-2012:0322-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html Issue date: 2012-02-21 CVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 =====================================================================
- Summary:
Updated java-1.6.0-openjdk packages that fix several security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux (v. 5 server) - i386, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
- Description:
These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit.
It was discovered that Java2D did not properly check graphics rendering objects before passing them to the native renderer. Malicious input, or an untrusted Java application or applet could use this flaw to crash the Java Virtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)
It was discovered that the exception thrown on deserialization failure did not always contain a proper identification of the cause of the failure. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2012-0505)
The AtomicReferenceArray class implementation did not properly check if the array was of the expected Object[] type. A malicious Java application or applet could use this flaw to bypass Java sandbox restrictions. (CVE-2011-3571)
It was discovered that the use of TimeZone.setDefault() was not restricted by the SecurityManager, allowing an untrusted Java application or applet to set a new default time zone, and hence bypass Java sandbox restrictions. (CVE-2012-0503)
The HttpServer class did not limit the number of headers read from HTTP requests. A remote attacker could use this flaw to make an application using HttpServer use an excessive amount of CPU time via a specially-crafted request. This update introduces a header count limit controlled using the sun.net.httpserver.maxReqHeaders property. The default value is 200. (CVE-2011-5035)
The Java Sound component did not properly check buffer boundaries. Malicious input, or an untrusted Java application or applet could use this flaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion of its memory. (CVE-2011-3563)
A flaw was found in the AWT KeyboardFocusManager that could allow an untrusted Java application or applet to acquire keyboard focus and possibly steal sensitive information. (CVE-2012-0502)
It was discovered that the CORBA (Common Object Request Broker Architecture) implementation in Java did not properly protect repository identifiers on certain CORBA objects. This could have been used to modify immutable object data. (CVE-2012-0506)
An off-by-one flaw, causing a stack overflow, was found in the unpacker for ZIP files. A specially-crafted ZIP archive could cause the Java Virtual Machine (JVM) to crash when opened. (CVE-2012-0501)
This erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to the NEWS file, linked to in the References, for further information.
All users of java-1.6.0-openjdk are advised to upgrade to these updated packages, which resolve these issues. All running instances of OpenJDK Java must be restarted for the update to take effect.
- Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259
- Bugs fixed (http://bugzilla.redhat.com/):
788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960) 788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283) 788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687) 788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299) 789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367) 789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683) 789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700) 789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704) 789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)
- Package List:
Red Hat Enterprise Linux Desktop (v. 5 client):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm
i386: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm
x86_64: java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm java-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2011-3563.html https://www.redhat.com/security/data/cve/CVE-2011-3571.html https://www.redhat.com/security/data/cve/CVE-2011-5035.html https://www.redhat.com/security/data/cve/CVE-2012-0497.html https://www.redhat.com/security/data/cve/CVE-2012-0501.html https://www.redhat.com/security/data/cve/CVE-2012-0502.html https://www.redhat.com/security/data/cve/CVE-2012-0503.html https://www.redhat.com/security/data/cve/CVE-2012-0505.html https://www.redhat.com/security/data/cve/CVE-2012-0506.html https://access.redhat.com/security/updates/classification/#important http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR eIi8N5jfo4lIBLPu4EKFpVo= =ChsF -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0123", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "3.0.1" }, { "model": "glassfish server", "scope": "eq", "trust": 2.7, "vendor": "oracle", "version": "2.1.1" }, { "model": "glassfish server", "scope": "eq", "trust": 1.7, "vendor": "oracle", "version": "3.1.1" }, { "model": "communications server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "2.0" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.3.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "9.2.4" }, { "model": "weblogic server", "scope": "eq", "trust": 1.1, "vendor": "oracle", "version": "10.0.2" }, { "model": "glassfish server", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "3.1.1" }, { "model": "jre 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 14", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 20", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 18", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 03", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 17", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.7.0 2", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 14", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 04", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 25", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 27", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 30", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 12", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.7" }, { "model": "jre 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 01", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jdk 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 19", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 15", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 07", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 28", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 23", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 11", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 02", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 05", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 26", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 1.6.0 21", "scope": null, "trust": 0.9, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jre 06", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 11", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk 10", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": "jdk", "scope": "eq", "trust": 0.9, "vendor": "oracle", "version": "1.7" }, { "model": "jdk 1.6.0 22", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 1.6.0 24", "scope": null, "trust": 0.9, "vendor": "oracle", "version": null }, { "model": "jdk 13", "scope": "eq", "trust": 0.9, "vendor": "sun", "version": "1.6" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache tomcat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "microsoft", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "oracle", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ruby", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the php group", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.6.8" }, { "model": "mac os x server", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "v10.7.3" }, { "model": "java system web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "6.1" }, { "model": "application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10g r3 (10.1.3.5.0)" }, { "model": "iplanet web server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "7.0" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "27.7.1" }, { "model": "jrockit", "scope": "lte", "trust": 0.8, "vendor": "oracle", "version": "28.2.2" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.1" }, { "model": "sun java system application server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "8.2" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "11gr1 (10.3.3" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "10.3.5)" }, { "model": "weblogic server", "scope": "eq", "trust": 0.8, "vendor": "oracle", "version": "12cr1 (12.1.1)" }, { "model": "hp xp p9000 performance advisor software", "scope": "lte", "trust": 0.8, "vendor": "hewlett packard", "version": "5.4.1" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard version 6" }, { "model": "cosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "cosminexus developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "cosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- standard edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "- web edition version 4" }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "version 5" }, { "model": "hirdb for java /xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "developer\u0027s kit for java", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "processing kit for xml", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "enterprise" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "express" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "smart edition" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus application server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard-r" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "none" }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "01" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "light" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "professional for plug-in" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "standard" }, { "model": "ucosminexus operator", "scope": null, "trust": 0.8, "vendor": "hitachi", "version": null }, { "model": "ucosminexus portal framework", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "entry set" }, { "model": "ucosminexus primary server", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "base" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "architect" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform" }, { "model": "ucosminexus service", "scope": "eq", "trust": 0.8, "vendor": "hitachi", "version": "platform - messaging" }, { "model": "internet navigware server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "none" }, { "model": "interstage application server", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "plus developer / apworks / studio" }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage form coordinator workflow", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage list works", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage shunsaku data manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage web server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage xml business activity recorder", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator cloud edition" }, { "model": "success server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker availability view", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker desktop inspection", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it change manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker it process master", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker operation manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker runbook automation", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "jdk 01-b06", "scope": "eq", "trust": 0.6, "vendor": "sun", "version": "1.6" }, { "model": "jre 1.6.0 2", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jdk 1.6.0 01", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "jre 1.6.0 20", "scope": null, "trust": 0.6, "vendor": "sun", "version": null }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.5.0" }, { "model": "jrockit r28.2.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "java se sr8 fp1", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "java system web server sp9", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux enterprise sdk sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "jrockit r27.6.0-50", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.5.015" }, { "model": "processing kit for xml", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.16.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.19.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "jdk 01", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6" }, { "model": "cosminexus studio web edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server j06.08.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.15.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.06" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.0" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "cosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java ibm 64-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j06.06.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk and jre", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "7.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.1" }, { "model": "java system web server sp7", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "nonstop server j06.14", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jrockit r27.6.2", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "jrockit r27.6.5", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "ucosminexus application server standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.8" }, { "model": "nonstop server j06.09.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "nonstop server j06.04.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system platform sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" }, { "model": "nonstop server j06.13", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "12.1.10" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "nonstop server j06.09.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iplanet web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "7.0" }, { "model": "ucosminexus operator", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application server sip core", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "53002.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0.0.52" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.2" }, { "model": "cosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "8.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server h06.18.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.22.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.014" }, { "model": "cosminexus application server enterprise", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server j06.12.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ir", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "jrockit r27.6.9", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server j06.05.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.011" }, { "model": "nonstop server j06.08.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.09.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "nonstop server j06.16", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "java se sr6", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "nonstop server j6.0.14.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "jrockit r27.1.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "ucosminexus developer", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "010" }, { "model": "enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.0" }, { "model": "ucosminexus service architect", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6.2" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r28.1.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "ucosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ucosminexus service platform messaging", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "voice portal sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server j06.07.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "nonstop server j06.09.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp5", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r28.0.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.10.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "jrockit r27.6.6", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.06.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.012" }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server h06.24.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.8", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server h06.25", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp8", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.04" }, { "model": "ucosminexus application server light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.15.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "jrockit r27.7.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "cosminexus studio", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "java system web server sp10", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.1" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "java se sr9", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "jrockit r28.1.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "hp-ux b.11.11", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6" }, { "model": "nonstop server j06.07.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "message networking sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux enterprise server for vmware sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "xp p9000 performance advisor", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "5.5.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.010" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.013" }, { "model": "java system web server sp2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "jrockit r27.6.4", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "nonstop server j06.08.04", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura system manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "messaging storage server sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.3" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.015" }, { "model": "nonstop server h06.15.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.24", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.018" }, { "model": "cosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.019" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.1" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "nonstop server h06.16.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus developer professional for plug-in", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.18.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.20.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "enterprise linux hpc node optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "java ibm 31-bit sdk for z/os", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "5" }, { "model": "nonstop server j06.13.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "nonstop server h06.23", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.3" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "nonstop server h06.19.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr7", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "communication manager sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.5" }, { "model": "esx", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.1" }, { "model": "nonstop server", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "6" }, { "model": "jrockit r28.0.1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "glassfish server ur1 po1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.3" }, { "model": "nonstop server h06.22.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "enterprise linux workstation optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jrockit r28.1.3", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.2" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "weblogic server 11gr1", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.020" }, { "model": "iplanet webserver", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "7.0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "cosminexus studio standard edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "-0" }, { "model": "nonstop server h06.19.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "linux enterprise server sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.3" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.03" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "2.1" }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.6" }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.05" }, { "model": "linux enterprise sdk sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.1" }, { "model": "nonstop server j06.11.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr9-fp2", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0.0" }, { "model": "java system web server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.2" }, { "model": "nonstop server j06.15", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2011" }, { "model": "messaging application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "glassfish server ur1", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "1.0" }, { "model": "ucosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "ucosminexus developer standard", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "nonstop server h06.21.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jrockit r27.6.7", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "nonstop server h06.20.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.3" }, { "model": "aura system manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "jrockit r27.6.0", "scope": null, "trust": 0.3, "vendor": "oracle", "version": null }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus application server enterprise )", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "09-80" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.2" }, { "model": "cosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "aura experience portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "glassfish server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.1" }, { "model": "messaging storage server sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "nonstop server j06.05.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp3", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "application server 10g r3", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.1.3.5.0" }, { "model": "nonstop server j06.07.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "java system application server", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "8.1" }, { "model": "nonstop server h06.21.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura session manager sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "nonstop server h06.19.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux enterprise java sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.10" }, { "model": "xp p9000 performance advisor", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4.1" }, { "model": "ucosminexus application server smart edition", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura session manager sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.7" }, { "model": "nonstop server j06.11.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.26.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "cosminexus developer professional", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura presence services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.021" }, { "model": "jdk and jre", "scope": "ne", "trust": 0.3, "vendor": "hp", "version": "7.0.1" }, { "model": "enterprise linux server optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "nonstop server j06.04.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura conferencing sp1 standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "java se sr5", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.0" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.2" }, { "model": "nonstop server j06.04.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "nonstop server j06.06.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus primary server base", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1.1" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.016" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.8" }, { "model": "aura system manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.4" }, { "model": "nonstop server h06.21.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.07" }, { "model": "nonstop server j06.06.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.17.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "call management system r", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1.1" }, { "model": "aura messaging", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "network node manager i", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "9.1" }, { "model": "aura system platform sp3", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "ucosminexus service platform", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.1" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "jdk 1.6.0 01-b06", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cosminexus developer light", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.2.0.2" }, { "model": "virtual desktop infrastructure", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "3.3" }, { "model": "nonstop server h06.20.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "ucosminexus client", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "conferencing standard edition", "scope": "ne", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "nonstop server j06.10.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "enterprise linux desktop optional", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.17.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "jdk update", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "1.6.017" }, { "model": "enterprise linux hpc node supplementary", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "ucosminexus application server standard-r", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "ip office application server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "7.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "java system web server sp11", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux hpc node", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "6" }, { "model": "nonstop server h06.16.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "rational synergy", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.5" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.4" }, { "model": "aura session manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.2" }, { "model": "java system web server sp1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "nonstop server j06.05.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7" }, { "model": "linux enterprise java sp4", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "11.04" }, { "model": "java se sr1", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7" }, { "model": "nonstop server h06.20.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus developer no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.6.1" }, { "model": "nonstop server j06.09.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "aura communication manager utility services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.2" }, { "model": "linux enterprise desktop sp1 for sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "nonstop server h06.17.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.08.03", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "iq", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "aura conferencing standard", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "rational synergy", "scope": "ne", "trust": 0.3, "vendor": "ibm", "version": "7.1.0.6" }, { "model": "nonstop server j06.10.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java system web server sp6", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "6.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.2" }, { "model": "nonstop server h06.25.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server h06.18.01", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "cosminexus application server no version", "scope": "eq", "trust": 0.3, "vendor": "hitachi", "version": "0" }, { "model": "weblogic server", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "10.3.60" }, { "model": "nonstop server h06.27", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "java se sr10", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6" }, { "model": "nonstop server h06.17.00", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "nonstop server j06.14.02", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "mac os server", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.7.2" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:java_system_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:communications_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:glassfish_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:iplanet_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:jrockit", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:java_system_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:oracle:weblogic_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:xp_9000_performance_advisor_software", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:cosminexus_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hirdb_for_java_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:processing_kit_for_xml", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_client", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_developer", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_operator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_portal_framework", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_primary_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hitachi:ucosminexus_service", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_form_coordinator_workflow", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_shunsaku_data_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_xml_business_activity_recorder", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:success_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_availability_view", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_inspection", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_process_master", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003567" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alexander Klink, n.runs AG and Julian W?lde, Technische Universit?t Darmstadt", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-500" } ], "trust": 0.6 }, "cve": "CVE-2011-5035", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2011-5035", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-5035", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#903934", "trust": 0.8, "value": "10.80" }, { "author": "NVD", "id": "CVE-2011-5035", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2011-5035", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications Server 2.0, Sun Java System Application Server 8.1 and 8.2, and possibly other products, computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka Oracle security ticket S0104869. Some programming language implementations do not sufficiently randomize their hash functions or provide means to limit key collision attacks, which can be leveraged by an unauthenticated attacker to cause a denial-of-service (DoS) condition. Oracle Glassfish Calculates the hash value of the form parameter without restricting the assumption of hash collision. (CPU Resource consumption ) There is a vulnerability that becomes a condition.A third party can send a large amount of crafted parameters to disrupt service operation. (CPU Resource consumption ) There is a possibility of being put into a state. Oracle GlassFish Server is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue by sending specially crafted forms in HTTP POST requests. \nOracle GlassFish Server 3.1.1 and prior versions are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nAPPLE-SA-2012-04-03-1 Java for OS X 2012-001 and\nJava for Mac OS X 10.6 Update 7\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7 is now\navailable and addresses the following:\n\nJava\nAvailable for: Mac OS X v10.6.8, Mac OS X Server v10.6.8,\nOS X Lion v10.7.3, OS X Lion Server v10.7.3\nImpact: Multiple vulnerabilities in Java 1.6.0_29\nDescription: Multiple vulnerabilities exist in Java 1.6.0_29, the\nmost serious of which may allow an untrusted Java applet to execute\narbitrary code outside the Java sandbox. Visiting a web page\ncontaining a maliciously crafted untrusted Java applet may lead to\narbitrary code execution with the privileges of the current user. \nThese issues are addressed by updating to Java version 1.6.0_31. \nFurther information is available via the Java website at http://www.o\nracle.com/technetwork/java/javase/releasenotes-136954.html\nCVE-ID\nCVE-2011-3563\nCVE-2011-5035\nCVE-2012-0497\nCVE-2012-0498\nCVE-2012-0499\nCVE-2012-0500\nCVE-2012-0501\nCVE-2012-0502\nCVE-2012-0503\nCVE-2012-0505\nCVE-2012-0506\nCVE-2012-0507\n\n\nJava for OS X 2012-001 and Java for Mac OS X 10.6 Update 7\nmay be obtained from the Software Update pane in System Preferences,\nor Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nFor Mac OS X v10.6 systems\nThe download file is named: JavaForMacOSX10.6.dmg\nIts SHA-1 digest is: f76807153bc0ca253e4a466a2a8c0abf1e180667\n\nFor OS X Lion systems\nThe download file is named: JavaForOSX.dmg\nIts SHA-1 digest is: 176ac1f8e79b4245301e84b616de5105ccd13e16\n\nInformation will also be posted to the Apple Security Updates\nweb site: http://support.apple.com/kb/HT1222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG/MacGPG2 v2.0.17 (Darwin)\nComment: GPGTools - http://gpgtools.org\n\niQEcBAEBAgAGBQJPezVqAAoJEGnF2JsdZQee7gIIALa7b5hVTKL7kOXF7EYT6wjx\nVnAmxoQbjEwpBkdzPzqqhCQ303/iBdLdHr2O/yxdaX0tFuB+5+4iInPU2t6O+PNh\n7iJ3rhQszzIj5q/qGDXyzIQEjurNfvrEKAxQ3T7uj1At+n/9YVBaw8p6i+HopbRc\nFo6Jrxy0Qf/MyeGO4lqxht2Aq8omh+pEBNP68EglqrJp/CjZTYGaFAHVGvnm8/gA\nwjcpIRQBacXcBCJ3K8pZhuQvXhm+GVLWYgc2KGsZ/l7jbQX5Bi67b7CFf7lBHlyd\nV7ss6N/0T/O3nspdhg+jhnvcaia1Ow3GikC/707NNkM8Dm3lm0DFVMBBgpNvPcU=\n=Pf96\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nIcedTea is a distribution of the Java OpenJDK source code built with\nfree build tools. ============================================================================\nUbuntu Security Notice USN-1373-2\nMarch 01, 2012\n\nopenjdk-6b18 vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 11.04\n- Ubuntu 10.10\n- Ubuntu 10.04 LTS\n\nSummary:\n\nMultiple vulnerabilities in OpenJDK 6 for the ARM architecture have\nbeen fixed. \n\nSoftware Description:\n- openjdk-6b18: Open Source Java implementation\n\nDetails:\n\nUSN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS,\nUbuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM\n(armel). This provides the corresponding OpenJDK 6 update for use\nwith the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10\nand Ubuntu 11.04. A remote attacker could\n cause a denial of service by sending special requests that trigger\n hash collisions predictably. This may be increased\n by adjusting the sun.net.httpserver.maxReqHeaders property. (CVE-2012-0497)\n \n It was discovered that an off-by-one error exists in the Java ZIP\n file processing code. An attacker could us this to cause a denial of\n service through a maliciously crafted ZIP file. (CVE-2012-0507)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 11.04:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~11.04.1\n icedtea-6-jre-jamvm 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~11.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~11.04.1\n\nUbuntu 10.10:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.10.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.10.1\n\nUbuntu 10.04 LTS:\n icedtea-6-jre-cacao 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-headless 6b18-1.8.13-0ubuntu1~10.04.1\n openjdk-6-jre-zero 6b18-1.8.13-0ubuntu1~10.04.1\n\nAfter a standard system update you need to restart any Java applications\nor applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNote: the current version of the following document is available here:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c03350339\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c03350339\nVersion: 1\n\nHPSBUX02784 SSRT100871 rev.1 - HP-UX Running Java, Remote Unauthorized\nAccess, Disclosure of Information, and Other Vulnerabilities\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2012-05-30\nLast Updated: 2012-05-29\n\n- -----------------------------------------------------------------------------\n\nPotential Security Impact: Remote unauthorized access, disclosure of\ninformation, and other vulnerabilities\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nPotential security vulnerabilities have been identified in Java Runtime\nEnvironment (JRE) and Java Developer Kit (JDK) running on HP-UX. These\nvulnerabilities could allow remote unauthorized access, disclosure of\ninformation, and other vulnerabilities. \n\nReferences: CVE-2011-3563, CVE-2011-5035, CVE-2012-0497, CVE-2012-0498,\nCVE-2012-0499, CVE-2012-0500, CVE-2012-0501, CVE-2012-0502, CVE-2012-0503,\nCVE-2012-0504, CVE-2012-0505, CVE-2012-0506, CVE-2012-0507\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.23, B.11.31 running HP JDK and JRE 7.0.0\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2011-3563 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2011-5035 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0497 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0498 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0499 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0500 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\nCVE-2012-0501 (AV:N/AC:L/Au:N/C:N/I:N/A:P) 5.0\nCVE-2012-0502 (AV:N/AC:L/Au:N/C:P/I:N/A:P) 6.4\nCVE-2012-0503 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0504 (AV:N/AC:M/Au:N/C:C/I:C/A:C) 9.3\nCVE-2012-0505 (AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.5\nCVE-2012-0506 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3\nCVE-2012-0507 (AV:N/AC:L/Au:N/C:C/I:C/A:C) 10.0\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following Java version upgrade to resolve these\nvulnerabilities. \nThe upgrade is available from the following location\n\nhttp://www.hp.com/go/java\n\nHP-UX B.11.23, B.11.31\n JDK and JRE v7.0.01 or subsequent\n\nMANUAL ACTIONS: Yes - Update\nFor Java v7.0.0, update to Java v7.0.01 or subsequent\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application\nthat replaces HP-UX Security Patch Check. It analyzes all Security Bulletins\nissued by HP and lists recommended actions that may apply to a specific HP-UX\nsystem. It can also download patches and create a depot automatically. For\nmore information see https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.23\nHP-UX B.11.31\n===========\nJdk70.JDK70-COM\nJdk70.JDK70-DEMO\nJdk70.JDK70-IPF32\nJdk70.JDK70-IPF64\nJre70.JRE70-COM\nJre70.JRE70-IPF32\nJre70.JRE70-IPF32-HS\nJre70.JRE70-IPF64\nJre70.JRE70-IPF64-HS\naction: install revision 1.7.0.01 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 30 May 2012 Initial release\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running HP software products should be applied in\naccordance with the customer\u0027s patch management policy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HP Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com. \n\nReport: To report a potential security vulnerability with any HP supported\nproduct, send Email to: security-alert@hp.com\n\nSubscribe: To initiate a subscription to receive future HP Security Bulletin\nalerts via Email:\nhttp://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins\n\nSecurity Bulletin List: A list of HP Security Bulletins, updated\nperiodically, is contained in HP Security Notice HPSN-2011-001:\nhttps://h20566.www2.hp.com/portal/site/hpsc/public/kb/\ndocDisplay?docId=emr_na-c02964430\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here:\nhttp://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HP General Software\nHF = HP Hardware and Firmware\nMP = MPE/iX\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPI = Printing and Imaging\nPV = ProCurve\nST = Storage Software\nTU = Tru64 UNIX\nUX = HP-UX\n\nCopyright 2012 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. The information provided is provided \"as is\"\nwithout warranty of any kind. To the extent permitted by law, neither HP or\nits affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits;damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. \nHewlett-Packard Company and the names of Hewlett-Packard products referenced\nherein are trademarks of Hewlett-Packard Company in the United States and\nother countries. Other product and company names mentioned herein may be\ntrademarks of their respective owners. \n \n Fix in AtomicReferenceArray (CVE-2011-3571). \n \n Multiple unspecified vulnerabilities allows remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors\n (CVE-2012-0498. CVE-2012-0499, CVE-2012-0500). \n \n Issues with some KeyboardFocusManager method (CVE-2012-0502). \n \n Issues with TimeZone class (CVE-2012-0503). \n \n Enhance exception throwing mechanism in ObjectStreamClass\n (CVE-2012-0505). \n \n Issues with some method in corba (CVE-2012-0506). The verification\n of md5 checksums and GPG signatures is performed automatically for you. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niD8DBQFPPnJ1mqjQ0CJFipgRAsShAJ9uLjzWi9Y8x/myvScmQfUPwRh8RACg22f9\nNSDNWCT+JqEyYHUExPAwR58=\n=cwgS\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201401-30\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Oracle JRE/JDK: Multiple vulnerabilities\n Date: January 27, 2014\n Bugs: #404071, #421073, #433094, #438706, #451206, #455174,\n #458444, #460360, #466212, #473830, #473980, #488210, #498148\n ID: 201401-30\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in the Oracle JRE/JDK,\nallowing attackers to cause unspecified impact. \n\nBackground\n==========\n\nThe Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and\nthe Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE)\nprovide the Oracle Java platform (formerly known as Sun Java Platform). \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-java/sun-jdk \u003c= 1.6.0.45 Vulnerable!\n 2 dev-java/oracle-jdk-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 3 dev-java/sun-jre-bin \u003c= 1.6.0.45 Vulnerable!\n 4 dev-java/oracle-jre-bin \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n 5 app-emulation/emul-linux-x86-java\n \u003c 1.7.0.51 \u003e= 1.7.0.51 *\n -------------------------------------------------------------------\n NOTE: Certain packages are still vulnerable. Users should migrate\n to another package if one is available or wait for the\n existing packages to be marked stable by their\n architecture maintainers. \n -------------------------------------------------------------------\n NOTE: Packages marked with asterisks require manual intervention!\n -------------------------------------------------------------------\n 5 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been reported in the Oracle Java\nimplementation. Please review the CVE identifiers referenced below for\ndetails. \n\nImpact\n======\n\nAn unauthenticated, remote attacker could exploit these vulnerabilities\nto execute arbitrary code. \nFurthermore, a local or remote attacker could exploit these\nvulnerabilities to cause unspecified impact, possibly including remote\nexecution of arbitrary code. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Oracle JDK 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jdk-bin-1.7.0.51\"\n\nAll Oracle JRE 1.7 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=dev-java/oracle-jre-bin-1.7.0.51\"\n\nAll users of the precompiled 32-bit Oracle JRE should upgrade to the\nlatest version:\n\n # emerge --sync\n # emerge -a -1 -v \"\u003e=app-emulation/emul-linux-x86-java-1.7.0.51\"\n\nAll Sun Microsystems JDK/JRE 1.6 users are suggested to upgrade to one\nof the newer Oracle packages like dev-java/oracle-jdk-bin or\ndev-java/oracle-jre-bin or choose another alternative we provide; eg. \nthe IBM JDK/JRE or the open source IcedTea. \n\nNOTE: As Oracle has revoked the DLJ license for its Java\nimplementation, the packages can no longer be updated automatically. \n\nReferences\n==========\n\n[ 1 ] CVE-2011-3563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3563\n[ 2 ] CVE-2011-5035\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-5035\n[ 3 ] CVE-2012-0497\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0497\n[ 4 ] CVE-2012-0498\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0498\n[ 5 ] CVE-2012-0499\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0499\n[ 6 ] CVE-2012-0500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0500\n[ 7 ] CVE-2012-0501\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0501\n[ 8 ] CVE-2012-0502\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0502\n[ 9 ] CVE-2012-0503\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0503\n[ 10 ] CVE-2012-0504\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0504\n[ 11 ] CVE-2012-0505\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0505\n[ 12 ] CVE-2012-0506\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0506\n[ 13 ] CVE-2012-0507\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0507\n[ 14 ] CVE-2012-0547\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0547\n[ 15 ] CVE-2012-1531\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1531\n[ 16 ] CVE-2012-1532\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1532\n[ 17 ] CVE-2012-1533\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1533\n[ 18 ] CVE-2012-1541\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1541\n[ 19 ] CVE-2012-1682\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1682\n[ 20 ] CVE-2012-1711\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1711\n[ 21 ] CVE-2012-1713\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1713\n[ 22 ] CVE-2012-1716\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1716\n[ 23 ] CVE-2012-1717\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1717\n[ 24 ] CVE-2012-1718\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1718\n[ 25 ] CVE-2012-1719\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1719\n[ 26 ] CVE-2012-1721\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1721\n[ 27 ] CVE-2012-1722\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1722\n[ 28 ] CVE-2012-1723\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1723\n[ 29 ] CVE-2012-1724\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1724\n[ 30 ] CVE-2012-1725\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1725\n[ 31 ] CVE-2012-1726\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1726\n[ 32 ] CVE-2012-3136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3136\n[ 33 ] CVE-2012-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3143\n[ 34 ] CVE-2012-3159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3159\n[ 35 ] CVE-2012-3174\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3174\n[ 36 ] CVE-2012-3213\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3213\n[ 37 ] CVE-2012-3216\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3216\n[ 38 ] CVE-2012-3342\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3342\n[ 39 ] CVE-2012-4416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4416\n[ 40 ] CVE-2012-4681\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4681\n[ 41 ] CVE-2012-5067\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5067\n[ 42 ] CVE-2012-5068\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5068\n[ 43 ] CVE-2012-5069\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5069\n[ 44 ] CVE-2012-5070\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5070\n[ 45 ] CVE-2012-5071\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5071\n[ 46 ] CVE-2012-5072\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5072\n[ 47 ] CVE-2012-5073\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5073\n[ 48 ] CVE-2012-5074\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5074\n[ 49 ] CVE-2012-5075\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5075\n[ 50 ] CVE-2012-5076\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5076\n[ 51 ] CVE-2012-5077\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5077\n[ 52 ] CVE-2012-5079\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5079\n[ 53 ] CVE-2012-5081\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5081\n[ 54 ] CVE-2012-5083\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5083\n[ 55 ] CVE-2012-5084\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5084\n[ 56 ] CVE-2012-5085\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5085\n[ 57 ] CVE-2012-5086\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5086\n[ 58 ] CVE-2012-5087\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5087\n[ 59 ] CVE-2012-5088\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5088\n[ 60 ] CVE-2012-5089\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5089\n[ 61 ] CVE-2013-0169\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0169\n[ 62 ] CVE-2013-0351\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0351\n[ 63 ] CVE-2013-0401\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0401\n[ 64 ] CVE-2013-0402\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0402\n[ 65 ] CVE-2013-0409\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0409\n[ 66 ] CVE-2013-0419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0419\n[ 67 ] CVE-2013-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0422\n[ 68 ] CVE-2013-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0423\n[ 69 ] CVE-2013-0430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0430\n[ 70 ] CVE-2013-0437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0437\n[ 71 ] CVE-2013-0438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0438\n[ 72 ] CVE-2013-0445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0445\n[ 73 ] CVE-2013-0446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0446\n[ 74 ] CVE-2013-0448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0448\n[ 75 ] CVE-2013-0449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0449\n[ 76 ] CVE-2013-0809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0809\n[ 77 ] CVE-2013-1473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1473\n[ 78 ] CVE-2013-1479\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1479\n[ 79 ] CVE-2013-1481\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1481\n[ 80 ] CVE-2013-1484\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1484\n[ 81 ] CVE-2013-1485\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1485\n[ 82 ] CVE-2013-1486\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1486\n[ 83 ] CVE-2013-1487\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1487\n[ 84 ] CVE-2013-1488\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1488\n[ 85 ] CVE-2013-1491\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1491\n[ 86 ] CVE-2013-1493\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1493\n[ 87 ] CVE-2013-1500\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1500\n[ 88 ] CVE-2013-1518\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1518\n[ 89 ] CVE-2013-1537\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1537\n[ 90 ] CVE-2013-1540\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1540\n[ 91 ] CVE-2013-1557\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1557\n[ 92 ] CVE-2013-1558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1558\n[ 93 ] CVE-2013-1561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1561\n[ 94 ] CVE-2013-1563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1563\n[ 95 ] CVE-2013-1564\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1564\n[ 96 ] CVE-2013-1569\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1569\n[ 97 ] CVE-2013-1571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1571\n[ 98 ] CVE-2013-2383\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2383\n[ 99 ] CVE-2013-2384\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2384\n[ 100 ] CVE-2013-2394\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2394\n[ 101 ] CVE-2013-2400\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2400\n[ 102 ] CVE-2013-2407\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2407\n[ 103 ] CVE-2013-2412\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2412\n[ 104 ] CVE-2013-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2414\n[ 105 ] CVE-2013-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2415\n[ 106 ] CVE-2013-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2416\n[ 107 ] CVE-2013-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2417\n[ 108 ] CVE-2013-2418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2418\n[ 109 ] CVE-2013-2419\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2419\n[ 110 ] CVE-2013-2420\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2420\n[ 111 ] CVE-2013-2421\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2421\n[ 112 ] CVE-2013-2422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2422\n[ 113 ] CVE-2013-2423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2423\n[ 114 ] CVE-2013-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2424\n[ 115 ] CVE-2013-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2425\n[ 116 ] CVE-2013-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2426\n[ 117 ] CVE-2013-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2427\n[ 118 ] CVE-2013-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2428\n[ 119 ] CVE-2013-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2429\n[ 120 ] CVE-2013-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2430\n[ 121 ] CVE-2013-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2431\n[ 122 ] CVE-2013-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2432\n[ 123 ] CVE-2013-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2433\n[ 124 ] CVE-2013-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2434\n[ 125 ] CVE-2013-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2435\n[ 126 ] CVE-2013-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2436\n[ 127 ] CVE-2013-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2437\n[ 128 ] CVE-2013-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2438\n[ 129 ] CVE-2013-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2439\n[ 130 ] CVE-2013-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2440\n[ 131 ] CVE-2013-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2442\n[ 132 ] CVE-2013-2443\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2443\n[ 133 ] CVE-2013-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2444\n[ 134 ] CVE-2013-2445\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2445\n[ 135 ] CVE-2013-2446\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2446\n[ 136 ] CVE-2013-2447\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2447\n[ 137 ] CVE-2013-2448\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2448\n[ 138 ] CVE-2013-2449\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2449\n[ 139 ] CVE-2013-2450\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2450\n[ 140 ] CVE-2013-2451\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2451\n[ 141 ] CVE-2013-2452\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2452\n[ 142 ] CVE-2013-2453\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2453\n[ 143 ] CVE-2013-2454\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2454\n[ 144 ] CVE-2013-2455\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2455\n[ 145 ] CVE-2013-2456\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2456\n[ 146 ] CVE-2013-2457\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2457\n[ 147 ] CVE-2013-2458\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2458\n[ 148 ] CVE-2013-2459\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2459\n[ 149 ] CVE-2013-2460\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2460\n[ 150 ] CVE-2013-2461\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2461\n[ 151 ] CVE-2013-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2462\n[ 152 ] CVE-2013-2463\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2463\n[ 153 ] CVE-2013-2464\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2464\n[ 154 ] CVE-2013-2465\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2465\n[ 155 ] CVE-2013-2466\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2466\n[ 156 ] CVE-2013-2467\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2467\n[ 157 ] CVE-2013-2468\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2468\n[ 158 ] CVE-2013-2469\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2469\n[ 159 ] CVE-2013-2470\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2470\n[ 160 ] CVE-2013-2471\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2471\n[ 161 ] CVE-2013-2472\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2472\n[ 162 ] CVE-2013-2473\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2473\n[ 163 ] CVE-2013-3743\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3743\n[ 164 ] CVE-2013-3744\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3744\n[ 165 ] CVE-2013-3829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3829\n[ 166 ] CVE-2013-5772\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5772\n[ 167 ] CVE-2013-5774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5774\n[ 168 ] CVE-2013-5775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5775\n[ 169 ] CVE-2013-5776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5776\n[ 170 ] CVE-2013-5777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5777\n[ 171 ] CVE-2013-5778\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5778\n[ 172 ] CVE-2013-5780\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5780\n[ 173 ] CVE-2013-5782\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5782\n[ 174 ] CVE-2013-5783\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5783\n[ 175 ] CVE-2013-5784\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5784\n[ 176 ] CVE-2013-5787\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5787\n[ 177 ] CVE-2013-5788\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5788\n[ 178 ] CVE-2013-5789\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5789\n[ 179 ] CVE-2013-5790\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5790\n[ 180 ] CVE-2013-5797\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5797\n[ 181 ] CVE-2013-5800\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5800\n[ 182 ] CVE-2013-5801\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5801\n[ 183 ] CVE-2013-5802\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5802\n[ 184 ] CVE-2013-5803\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5803\n[ 185 ] CVE-2013-5804\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5804\n[ 186 ] CVE-2013-5805\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5805\n[ 187 ] CVE-2013-5806\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5806\n[ 188 ] CVE-2013-5809\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5809\n[ 189 ] CVE-2013-5810\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5810\n[ 190 ] CVE-2013-5812\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5812\n[ 191 ] CVE-2013-5814\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5814\n[ 192 ] CVE-2013-5817\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5817\n[ 193 ] CVE-2013-5818\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5818\n[ 194 ] CVE-2013-5819\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5819\n[ 195 ] CVE-2013-5820\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5820\n[ 196 ] CVE-2013-5823\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5823\n[ 197 ] CVE-2013-5824\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5824\n[ 198 ] CVE-2013-5825\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5825\n[ 199 ] CVE-2013-5829\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5829\n[ 200 ] CVE-2013-5830\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5830\n[ 201 ] CVE-2013-5831\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5831\n[ 202 ] CVE-2013-5832\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5832\n[ 203 ] CVE-2013-5838\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5838\n[ 204 ] CVE-2013-5840\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5840\n[ 205 ] CVE-2013-5842\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5842\n[ 206 ] CVE-2013-5843\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5843\n[ 207 ] CVE-2013-5844\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5844\n[ 208 ] CVE-2013-5846\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5846\n[ 209 ] CVE-2013-5848\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5848\n[ 210 ] CVE-2013-5849\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5849\n[ 211 ] CVE-2013-5850\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5850\n[ 212 ] CVE-2013-5851\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5851\n[ 213 ] CVE-2013-5852\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5852\n[ 214 ] CVE-2013-5854\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5854\n[ 215 ] CVE-2013-5870\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5870\n[ 216 ] CVE-2013-5878\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5878\n[ 217 ] CVE-2013-5887\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5887\n[ 218 ] CVE-2013-5888\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5888\n[ 219 ] CVE-2013-5889\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5889\n[ 220 ] CVE-2013-5893\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5893\n[ 221 ] CVE-2013-5895\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5895\n[ 222 ] CVE-2013-5896\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5896\n[ 223 ] CVE-2013-5898\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5898\n[ 224 ] CVE-2013-5899\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5899\n[ 225 ] CVE-2013-5902\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5902\n[ 226 ] CVE-2013-5904\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5904\n[ 227 ] CVE-2013-5905\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5905\n[ 228 ] CVE-2013-5906\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5906\n[ 229 ] CVE-2013-5907\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5907\n[ 230 ] CVE-2013-5910\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5910\n[ 231 ] CVE-2014-0368\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0368\n[ 232 ] CVE-2014-0373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0373\n[ 233 ] CVE-2014-0375\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0375\n[ 234 ] CVE-2014-0376\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0376\n[ 235 ] CVE-2014-0382\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0382\n[ 236 ] CVE-2014-0385\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0385\n[ 237 ] CVE-2014-0387\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0387\n[ 238 ] CVE-2014-0403\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0403\n[ 239 ] CVE-2014-0408\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0408\n[ 240 ] CVE-2014-0410\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0410\n[ 241 ] CVE-2014-0411\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0411\n[ 242 ] CVE-2014-0415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0415\n[ 243 ] CVE-2014-0416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0416\n[ 244 ] CVE-2014-0417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0417\n[ 245 ] CVE-2014-0418\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0418\n[ 246 ] CVE-2014-0422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0422\n[ 247 ] CVE-2014-0423\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0423\n[ 248 ] CVE-2014-0424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0424\n[ 249 ] CVE-2014-0428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0428\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201401-30.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2014 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ----------------------------------------------------------------------\n\nSecunia is hiring!\n\nFind your next job here:\n\nhttp://secunia.com/company/jobs/\n\n----------------------------------------------------------------------\n\nTITLE:\nOracle Multiple Products Web Form Hash Collision Denial of Service\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA47819\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/47819/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nRELEASE DATE:\n2012-02-01\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/47819/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/47819/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in multiple Oracle products, which\ncan be exploited by malicious people to cause a DoS (Denial of\nService). \n\nThe vulnerability is caused due to an error within a hash generation\nfunction when hashing form posts and updating a hash table. \n\nThe vulnerability is reported in the following products:\n* Oracle Application Server 10g Release 3 version 10.1.3.5.0. \n* Oracle iPlanet Web Server 7.0. \n* Oracle iPlanet Web Server (formerly Oracle Java System Web Server)\n6.1. \n\nSOLUTION:\nApply patch. \n\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: java-1.6.0-openjdk security update\nAdvisory ID: RHSA-2012:0322-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0322.html\nIssue date: 2012-02-21\nCVE Names: CVE-2011-3563 CVE-2011-3571 CVE-2011-5035 \n CVE-2012-0497 CVE-2012-0501 CVE-2012-0502 \n CVE-2012-0503 CVE-2012-0505 CVE-2012-0506 \n=====================================================================\n\n1. Summary:\n\nUpdated java-1.6.0-openjdk packages that fix several security issues are\nnow available for Red Hat Enterprise Linux 5. \n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. Common Vulnerability Scoring System (CVSS) base\nscores, which give detailed severity ratings, are available for each\nvulnerability from the CVE links in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux (v. 5 server) - i386, x86_64\nRed Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64\n\n3. Description:\n\nThese packages provide the OpenJDK 6 Java Runtime Environment and the\nOpenJDK 6 Software Development Kit. \n\nIt was discovered that Java2D did not properly check graphics rendering\nobjects before passing them to the native renderer. Malicious input, or an\nuntrusted Java application or applet could use this flaw to crash the Java\nVirtual Machine (JVM), or bypass Java sandbox restrictions. (CVE-2012-0497)\n\nIt was discovered that the exception thrown on deserialization failure did\nnot always contain a proper identification of the cause of the failure. An\nuntrusted Java application or applet could use this flaw to bypass Java\nsandbox restrictions. (CVE-2012-0505)\n\nThe AtomicReferenceArray class implementation did not properly check if\nthe array was of the expected Object[] type. A malicious Java application\nor applet could use this flaw to bypass Java sandbox restrictions. \n(CVE-2011-3571)\n\nIt was discovered that the use of TimeZone.setDefault() was not restricted\nby the SecurityManager, allowing an untrusted Java application or applet to\nset a new default time zone, and hence bypass Java sandbox restrictions. \n(CVE-2012-0503)\n\nThe HttpServer class did not limit the number of headers read from HTTP\nrequests. A remote attacker could use this flaw to make an application\nusing HttpServer use an excessive amount of CPU time via a\nspecially-crafted request. This update introduces a header count limit\ncontrolled using the sun.net.httpserver.maxReqHeaders property. The default\nvalue is 200. (CVE-2011-5035)\n\nThe Java Sound component did not properly check buffer boundaries. \nMalicious input, or an untrusted Java application or applet could use this\nflaw to cause the Java Virtual Machine (JVM) to crash or disclose a portion\nof its memory. (CVE-2011-3563)\n\nA flaw was found in the AWT KeyboardFocusManager that could allow an\nuntrusted Java application or applet to acquire keyboard focus and possibly\nsteal sensitive information. (CVE-2012-0502)\n\nIt was discovered that the CORBA (Common Object Request Broker\nArchitecture) implementation in Java did not properly protect repository\nidentifiers on certain CORBA objects. This could have been used to modify\nimmutable object data. (CVE-2012-0506)\n\nAn off-by-one flaw, causing a stack overflow, was found in the unpacker for\nZIP files. A specially-crafted ZIP archive could cause the Java Virtual\nMachine (JVM) to crash when opened. (CVE-2012-0501)\n\nThis erratum also upgrades the OpenJDK package to IcedTea6 1.10.6. Refer to\nthe NEWS file, linked to in the References, for further information. \n\nAll users of java-1.6.0-openjdk are advised to upgrade to these updated\npackages, which resolve these issues. All running instances of OpenJDK Java\nmust be restarted for the update to take effect. \n\n4. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n788606 - CVE-2011-5035 OpenJDK: HttpServer no header count limit (Lightweight HTTP Server, 7126960)\n788624 - CVE-2012-0501 OpenJDK: off-by-one bug in ZIP reading code (JRE, 7118283)\n788976 - CVE-2012-0503 OpenJDK: unrestricted use of TimeZone.setDefault() (i18n, 7110687)\n788994 - CVE-2011-3571 OpenJDK: AtomicReferenceArray insufficient array type check (Concurrency, 7082299)\n789295 - CVE-2011-3563 OpenJDK: JavaSound incorrect bounds check (Sound, 7088367)\n789297 - CVE-2012-0502 OpenJDK: KeyboardFocusManager focus stealing (AWT, 7110683)\n789299 - CVE-2012-0505 OpenJDK: incomplete info in the deserialization exception (Serialization, 7110700)\n789300 - CVE-2012-0506 OpenJDK: mutable repository identifiers (CORBA, 7110704)\n789301 - CVE-2012-0497 OpenJDK: insufficient checking of the graphics rendering object (2D, 7112642)\n\n6. Package List:\n\nRed Hat Enterprise Linux Desktop (v. 5 client):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\n\nRed Hat Enterprise Linux (v. 5 server):\n\nSource:\nftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/java-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.src.rpm\n\ni386:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.i386.rpm\n\nx86_64:\njava-1.6.0-openjdk-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-debuginfo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-demo-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-devel-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-javadoc-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\njava-1.6.0-openjdk-src-1.6.0.0-1.25.1.10.6.el5_8.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and \ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2011-3563.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-3571.html\nhttps://www.redhat.com/security/data/cve/CVE-2011-5035.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0497.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0501.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0502.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0503.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0505.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0506.html\nhttps://access.redhat.com/security/updates/classification/#important\nhttp://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/NEWS\nhttp://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.4 (GNU/Linux)\n\niD8DBQFPRBvTXlSAg2UNWIIRArkfAJ9B74k5cUjTIZGepTvbu+3kEcMpIgCgo2FR\neIi8N5jfo4lIBLPu4EKFpVo=\n=ChsF\n-----END PGP SIGNATURE-----\n\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2011-5035" }, { "db": "CERT/CC", "id": "VU#903934" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "BID", "id": "51194" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" } ], "trust": 3.6 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=2012", "trust": 0.1, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-5035", "trust": 3.8 }, { "db": "CERT/CC", "id": "VU#903934", "trust": 3.3 }, { "db": "OCERT", "id": "OCERT-2011-003", "trust": 2.8 }, { "db": "SECUNIA", "id": "48589", "trust": 1.1 }, { "db": "SECUNIA", "id": "57126", "trust": 1.1 }, { "db": "SECUNIA", "id": "48073", "trust": 1.1 }, { "db": "SECUNIA", "id": "48074", "trust": 1.1 }, { "db": "SECUNIA", "id": "48950", "trust": 1.1 }, { "db": "BID", "id": "51194", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-003567", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201112-500", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19347", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19819", "trust": 0.6 }, { "db": "NSFOCUS", "id": "19290", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201112-502", "trust": 0.6 }, { "db": "HITACHI", "id": "HS12-007", "trust": 0.3 }, { "db": "SECUNIA", "id": "47819", "trust": 0.2 }, { "db": "EXPLOIT-DB", "id": "2012", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2011-5035", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110181", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111594", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "127267", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "112144", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110365", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "113170", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109918", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "124943", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109353", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "110035", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "id": "VAR-201112-0123", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26205936 }, "last_update_date": "2024-11-27T21:02:28.039000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/HT5228" }, { "title": "HT1338", "trust": 0.8, "url": "http://support.apple.com/kb/HT1338?viewlocale=ja_JP" }, { "title": "HT5228", "trust": 0.8, "url": "http://support.apple.com/kb/HT5228?viewlocale=ja_JP" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-007/index.html" }, { "title": "HPSBST02955 SSRT101157", "trust": 0.8, "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en\u0026cc=us\u0026objectID=c04047415" }, { "title": "Text Form of Oracle Critical Patch Update - January 2013 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013verbose-1897756.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2012", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "title": "Oracle Critical Patch Update Advisory - January 2013", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "title": "Oracle Security Alert for CVE-2011-5035", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "title": "RHSA-2013:1455", "trust": 0.8, "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" }, { "title": "January 2012 Critical Patch Update Released", "trust": 0.8, "url": "http://blogs.oracle.com/security/entry/january_2012_critical_patch_update" }, { "title": "January 2013 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/january_2013_critical_patch_update" }, { "title": "interstage_as_201201", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201201.html" }, { "title": "HS12-007", "trust": 0.8, "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-007/index.html" }, { "title": "Red Hat: Important: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120322 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-openjdk security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120135 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-sun security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120139 - Security Advisory" }, { "title": "Red Hat: Critical: java-1.6.0-ibm security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20120514 - Security Advisory" }, { "title": "Ubuntu Security Notice: openjdk-6b18 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-2" }, { "title": "Ubuntu Security Notice: openjdk-6 vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-1373-1" }, { "title": "Amazon Linux AMI: ALAS-2012-043", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2012-043" }, { "title": "Red Hat: Low: Red Hat Network Satellite server IBM Java Runtime security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20131455 - Security Advisory" }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/oracle-patches-88-vulnerabilities-including-some-allow-remote-exploits-without-authentication/76457/" }, { "title": "welivesecurity", "trust": 0.1, "url": "https://www.welivesecurity.com/2012/04/05/mac-flashback-trojan-java-update/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.ocert.org/advisories/ocert-2011-003.html" }, { "trust": 2.8, "url": "http://www.nruns.com/_downloads/advisory28122011.pdf" }, { "trust": 2.5, "url": "http://www.kb.cert.org/vuls/id/903934" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" }, { "trust": 1.4, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" }, { "trust": 1.2, "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "trust": 1.2, "url": "http://rhn.redhat.com/errata/rhsa-2012-0514.html" }, { "trust": 1.1, "url": "https://github.com/firefart/hashcollision-dos-poc/blob/master/hashtablepoc.py" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48589" }, { "trust": 1.1, "url": "http://archives.neohapsis.com/archives/bugtraq/2011-12/0181.html" }, { "trust": 1.1, "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48950" }, { "trust": 1.1, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2013:150" }, { "trust": 1.1, "url": "http://rhn.redhat.com/errata/rhsa-2013-1455.html" }, { "trust": 1.1, "url": "http://www.debian.org/security/2012/dsa-2420" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=139344343412337\u0026w=2" }, { "trust": 1.1, "url": "http://secunia.com/advisories/57126" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254957702612\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133364885411663\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=133847939902305\u0026w=2" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a16908" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=134254866602253\u0026w=2" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00010.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48073" }, { "trust": 1.1, "url": "http://secunia.com/advisories/48074" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-5035" }, { "trust": 0.8, "url": "http://www.cs.rice.edu/~scrosby/hash/crosbywallach_usenixsec2003.pdf" }, { "trust": 0.8, "url": "http://technet.microsoft.com/en-us/security/bulletin/ms11-100.mspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx" }, { "trust": 0.8, "url": "http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-talk/391606" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20120106-web.html" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu903934" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu514315/" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-5035" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0505" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0497" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0503" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0501" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-5035" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3563" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0506" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0502" }, { "trust": 0.7, "url": "http://www.securityfocus.com/bid/51194" }, { "trust": 0.7, "url": "http://www.ibm.com/developerworks/java/jdk/alerts/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0507" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19347" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19290" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/19819" }, { "trust": 0.5, "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0499" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0500" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0498" }, { "trust": 0.4, "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2011-5035-1506603.html" }, { "trust": 0.3, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03350339" }, { "trust": 0.3, "url": "http://www.oracle.com/us/products/middleware/application-server/oracle-glassfish-server/index.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59971" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm59978" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100159245" }, { "trust": 0.3, "url": "http://downloads.avaya.com/css/p8/documents/100160575" }, { "trust": 0.3, "url": "https://downloads.avaya.com/css/p8/documents/100160941" }, { "trust": 0.3, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1332960372864.876444892.199480143" }, { "trust": 0.3, "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03254184\u0026ac.admitted=1333452463922.876444892.492883150" }, { "trust": 0.3, "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs12-007/index.html" }, { "trust": 0.2, "url": "http://www.ubuntu.com/usn/usn-1373-1" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2469" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2443" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1717" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1716" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0505" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1518" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2419" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3829" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5829" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5804" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1485" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5806" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5087" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2422" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5075" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2426" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5084" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1711" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2461" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5820" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2470" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0547" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2451" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2459" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5823" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2460" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1713" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5784" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5830" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5800" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2456" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5803" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5086" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2383" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2423" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2447" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2452" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2445" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2450" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5778" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5780" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5073" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1493" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2446" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5069" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-5035" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1500" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5850" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2384" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1557" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2453" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0401" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5085" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2407" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2421" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2429" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5068" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5071" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0497" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5774" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5782" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1725" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5790" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5805" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5802" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5849" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1719" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2448" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2458" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5825" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0506" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1484" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2430" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2415" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3216" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1718" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5772" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5074" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2454" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2444" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5072" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2436" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4416" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1537" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2449" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0503" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2457" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0169" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3563" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5077" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1723" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1726" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1571" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5081" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5840" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5851" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2465" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2431" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2473" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5783" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2463" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2412" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5809" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2420" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0501" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2417" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2471" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2424" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5076" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5842" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1569" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1724" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5797" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5070" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1486" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2472" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1488" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0502" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5814" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5817" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2455" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5089" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0503.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0502.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-3563.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0497.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2011-5035.html" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0505.html" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0506.html" }, { "trust": 0.2, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://www.redhat.com/security/data/cve/cve-2012-0501.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0504" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-3571" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/20.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2012:0322" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/1373-2/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/2012/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=25553" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b23~pre11-0ubuntu1.11.10.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b22-1.10.6-0ubuntu1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.10.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6/6b20-1.9.13-0ubuntu1~10.04.1" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "http://support.apple.com/kb/ht1222" }, { "trust": 0.1, "url": "http://www.o" }, { "trust": 0.1, "url": "http://gpgtools.org" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0864" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2412" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3557" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0865" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4471" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3557" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3562" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-4002" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1478" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5979" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6954" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2421" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3554" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0862" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0706" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3567" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4472" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3556" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3568" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3548" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3549" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0457" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3552" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0451" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0459" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-1876" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0431" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0458" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3521" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4465" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3569" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-2548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0871" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2398" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0815" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1475" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4469" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3564" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3569" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0461" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3548" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3541" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3549" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0872" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0429" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3860" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3554" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0822" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3553" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3555" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0025" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1476" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3544" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0456" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4450" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0450" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0460" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-6629" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-2783" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1480" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0869" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3551" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-2397" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0452" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3553" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0453" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-3860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0868" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0443" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-3389" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4351" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3551" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3557" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0498.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0500.html" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0499.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0507.html" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.10.1" }, { "trust": 0.1, "url": "http://www.ubuntu.com/usn/usn-1373-2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~11.04.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/openjdk-6b18/6b18-1.8.13-0ubuntu1~10.04.1" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://www.hp.com/go/swa" }, { "trust": 0.1, "url": "http://www.hp.com/go/java" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0497" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3571" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0505" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0500" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3563" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0498" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0499" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0503" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0506" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0502" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0501" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0507" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5870" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0419" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5818" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5889" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0449" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2440" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1540" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0385" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2427" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2437" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0445" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0500" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2468" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3743" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5893" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3159" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3174" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5888" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1541" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0351" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5789" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0504" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5899" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5801" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5832" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5848" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2400" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1564" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3143" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0448" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5810" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5905" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201401-30.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5904" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5831" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0422" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3744" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5854" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2394" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0498" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5852" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0547" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0499" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0409" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2428" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4681" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0423" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5083" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0375" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2439" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0376" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5824" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3342" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0417" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1723" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5819" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5895" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2466" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0403" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0446" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2418" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5788" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1473" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5887" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0418" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0410" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0368" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1717" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2425" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1722" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5902" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0387" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1716" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1533" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2438" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0382" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5812" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-3213" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5846" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1718" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5775" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5787" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5898" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1531" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1481" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2433" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5844" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5906" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1711" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1532" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2435" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1491" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5910" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1487" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1713" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5907" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5896" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5843" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1682" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2467" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5079" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0411" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-1721" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-1479" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2434" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2464" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5878" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2014-0408" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0402" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-5838" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-5088" }, { "trust": 0.1, "url": "http://secunia.com/company/jobs/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=47819" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/advisories/47819/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "https://access.redhat.com/kb/docs/doc-11259" }, { "trust": 0.1, "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.10/file/icedtea6-1.10.6/news" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2011-3571.html" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2012-0322.html" } ], "sources": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#903934" }, { "db": "VULMON", "id": "CVE-2011-5035" }, { "db": "BID", "id": "51194" }, { "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "111594" }, { "db": "PACKETSTORM", "id": "127267" }, { "db": "PACKETSTORM", "id": "112144" }, { "db": "PACKETSTORM", "id": "110365" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "PACKETSTORM", "id": "109918" }, { "db": "PACKETSTORM", "id": "124943" }, { "db": "PACKETSTORM", "id": "109353" }, { "db": "PACKETSTORM", "id": "110035" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" }, { "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-12-28T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2011-12-30T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2011-12-29T00:00:00", "db": "BID", "id": "51194" }, { "date": "2012-01-04T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-02-24T22:58:36", "db": "PACKETSTORM", "id": "110181" }, { "date": "2012-04-05T01:14:57", "db": "PACKETSTORM", "id": "111594" }, { "date": "2014-06-30T23:39:28", "db": "PACKETSTORM", "id": "127267" }, { "date": "2012-04-25T02:09:03", "db": "PACKETSTORM", "id": "112144" }, { "date": "2012-03-02T03:55:14", "db": "PACKETSTORM", "id": "110365" }, { "date": "2012-06-01T00:12:35", "db": "PACKETSTORM", "id": "113170" }, { "date": "2012-02-18T03:25:35", "db": "PACKETSTORM", "id": "109918" }, { "date": "2014-01-27T18:30:13", "db": "PACKETSTORM", "id": "124943" }, { "date": "2012-02-02T03:30:52", "db": "PACKETSTORM", "id": "109353" }, { "date": "2012-02-22T02:10:34", "db": "PACKETSTORM", "id": "110035" }, { "date": "1900-01-01T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-500" }, { "date": "2011-12-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2011-12-30T01:55:01.640000", "db": "NVD", "id": "CVE-2011-5035" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-02-15T00:00:00", "db": "CERT/CC", "id": "VU#903934" }, { "date": "2018-01-06T00:00:00", "db": "VULMON", "id": "CVE-2011-5035" }, { "date": "2015-04-13T21:24:00", "db": "BID", "id": "51194" }, { "date": "2015-03-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-003567" }, { "date": "2012-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-500" }, { "date": "2012-01-04T00:00:00", "db": "CNNVD", "id": "CNNVD-201112-502" }, { "date": "2024-11-21T01:33:28.300000", "db": "NVD", "id": "CVE-2011-5035" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "110181" }, { "db": "PACKETSTORM", "id": "113170" }, { "db": "CNNVD", "id": "CNNVD-201112-500" }, { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 1.4 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hash table implementations vulnerable to algorithmic complexity attacks", "sources": [ { "db": "CERT/CC", "id": "VU#903934" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201112-502" } ], "trust": 0.6 } }
var-201403-0506
Vulnerability from variot
The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This case JVNDB-2014-000045 It was removed because it was found to be duplicated. JVNDB-2014-000045 Please refer to. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
-
Summary
VMware product updates address security vulnerabilities in Apache Struts library
-
Relevant releases
VMware vCenter Operations Management Suite prior to 5.8.2
-
Problem Description
a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0050, CVE-2014-0094, and
CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was
found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCOPS 5.8.x any vCOPS 5.8.2
vCOPS 5.7.x any patch pending *
vCO 5.5 any patch pending
vCO 5.1 any patch pending
vCO 4.2 any patch pending
*Customers are advised to apply the workaround or update to vCOps
5.8.2.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Operations Management Suite 5.8.2
Downloads and Documentation: https://www.vmware.com/go/download-vcops
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://kb.vmware.com/kb/2081470
- Change log
2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8
wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0506", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "lt", "trust": 1.8, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloud middle set b set" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.12" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.2" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.11.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.0.11.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.1.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.2" }, { "model": "storwize unified", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "v70001.3.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" } ], "sources": [ { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001603" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Mark Thomas and Przemyslaw Celej", "sources": [ { "db": "BID", "id": "65999" } ], "trust": 0.3 }, "cve": "CVE-2014-0094", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2014-0094", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0094", "trust": 1.0, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201403-191", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2014-0094", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This case JVNDB-2014-000045 It was removed because it was found to be duplicated. JVNDB-2014-000045 Please refer to. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis: VMware product updates address security vulnerabilities in \n Apache Struts library \nIssue date: 2014-06-24\nUpdated on: 2014-06-24 (Initial Advisory)\nCVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware product updates address security vulnerabilities in Apache \n Struts library\n\n2. Relevant releases\n\n VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n a. The Apache Struts library is updated to version 2.3.16.2 to \n address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-0050, CVE-2014-0094, and\n CVE-2014-0112 to these issues. \n\n CVE-2014-0112 may lead to remote code execution. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n may lead to remote code execution without authentication. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\tApply Patch\n ============= =======\t=======\t=================\n vCOPS\t 5.8.x \tany \tvCOPS 5.8.2\n vCOPS 5.7.x any patch pending *\n\n vCO 5.5 any patch pending\n vCO 5.1 any patch pending\n vCO 4.2 any patch pending\n\n *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n vCenter Operations Management Suite 5.8.2\n -----------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vcops\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-06-24 VMSA-2014-0007\n Initial security advisory in conjunction with the release of vCenter\n Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0094" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "BID", "id": "65999" }, { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "PACKETSTORM", "id": "127215" } ], "trust": 2.07 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0094", "trust": 2.9 }, { "db": "SECTRACK", "id": "1029876", "trust": 2.4 }, { "db": "BID", "id": "65999", "trust": 1.9 }, { "db": "PACKETSTORM", "id": "127215", "trust": 1.7 }, { "db": "JVN", "id": "JVN19294237", "trust": 1.6 }, { "db": "SECUNIA", "id": "56440", "trust": 1.6 }, { "db": "SECUNIA", "id": "59178", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-000045", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2014-001603", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201403-191", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2014-0094", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "id": "VAR-201403-0506", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:28:33.827000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "S2-021", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html" }, { "title": "S2-020", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html" }, { "title": "Interstage BPMA\u4ed6 CVE-2014-0094", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bpma201401.html" }, { "title": "Interstage Application Development Cycle Manager(ADM): struts\u306e\u8106\u5f31\u6027(CVE-2014-0094) (2014\u5e745\u670827\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html" }, { "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "struts-2.3.16.1-all", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48603" }, { "title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5" }, { "title": "Red Hat: CVE-2014-0094", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0094" }, { "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "CVE-2014-0094-test-program-for-struts1", "trust": 0.1, "url": "https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "CNNVD", "id": "CNNVD-201403-191" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2014-0094" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securitytracker.com/id/1029876" }, { "trust": 1.6, "url": "http://jvn.jp/en/jp/jvn19294237/index.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded" }, { "trust": 1.6, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045" }, { "trust": 1.6, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html" }, { "trust": 1.6, "url": "http://www.securityfocus.com/archive/1/531362/100/0/threaded" }, { "trust": 1.6, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "trust": 1.6, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.6, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.6, "url": "http://secunia.com/advisories/56440" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/65999" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html" }, { "trust": 1.6, "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new" }, { "trust": 1.6, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "trust": 1.6, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2081470" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vcops" } ], "sources": [ { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2014-0094" }, { "db": "BID", "id": "65999" }, { "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201403-191" }, { "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-03-11T00:00:00", "db": "VULMON", "id": "CVE-2014-0094" }, { "date": "2014-03-06T00:00:00", "db": "BID", "id": "65999" }, { "date": "2014-03-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "date": "2014-06-25T21:34:12", "db": "PACKETSTORM", "id": "127215" }, { "date": "2014-03-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-191" }, { "date": "2014-03-11T13:00:37.107000", "db": "NVD", "id": "CVE-2014-0094" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0094" }, { "date": "2015-07-15T00:14:00", "db": "BID", "id": "65999" }, { "date": "2014-06-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-001603" }, { "date": "2019-08-15T00:00:00", "db": "CNNVD", "id": "CNNVD-201403-191" }, { "date": "2024-11-21T02:01:20.827000", "db": "NVD", "id": "CVE-2014-0094" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-191" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "** Delete ** Apache Struts of ParametersInterceptor In ClassLoader Vulnerability manipulated", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-001603" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-201403-191" } ], "trust": 0.6 } }
var-201404-0286
Vulnerability from variot
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:
A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description:
This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
-
struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)
-
jetty: HTTP request smuggling (CVE-2017-7657)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:
Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.
Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/
- Bugs fixed (https://bugzilla.redhat.com/):
1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters 1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper 1595620 - CVE-2017-7657 jetty: HTTP request smuggling
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112
-
Summary
VMware product updates address security vulnerabilities in Apache Struts library
-
Relevant releases
VMware vCenter Operations Management Suite prior to 5.8.2
-
Problem Description
a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2014-0050, CVE-2014-0094, and
CVE-2014-0112 to these issues.
CVE-2014-0112 may lead to remote code execution. This issue was
found to be only partially addressed in CVE-2014-0094.
CVE-2014-0050 may lead to a denial of service condition.
vCenter Operations Management Suite (vCOps) is affected by both
CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
may lead to remote code execution without authentication.
vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not
by CVE-2014-0112.
Workaround
A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
article 2081470.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======= ======= =================
vCOPS 5.8.x any vCOPS 5.8.2
vCOPS 5.7.x any patch pending *
vCO 5.5 any patch pending
vCO 5.1 any patch pending
vCO 4.2 any patch pending
*Customers are advised to apply the workaround or update to vCOps
5.8.2.
- Solution
Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.
vCenter Operations Management Suite 5.8.2
Downloads and Documentation: https://www.vmware.com/go/download-vcops
- References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112
http://kb.vmware.com/kb/2081470
- Change log
2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Advisories http://www.vmware.com/security/advisories
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html
Twitter https://twitter.com/VMwareSRC
Copyright 2014 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8
wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0286", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "struts", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.0.0" }, { "model": "struts", "scope": "lt", "trust": 1.0, "vendor": "apache", "version": "2.3.16.2" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apache struts", "version": null }, { "model": "struts", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.0.0 to 2.3.16.1" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 for x86(32bit)" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3 for x86_64(64bit)" }, { "model": "cloud infrastructure management software", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "integrated system ha database ready", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business analytics modeling server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "business process manager analytics" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "extreme transaction processing server" }, { "model": "interstage", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "mobile manager" }, { "model": "interstage application development cycle manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application framework suite", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage interaction manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage service integrator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "serverview", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "resource orchestrator" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "analytics server" }, { "model": "symfoware", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "server" }, { "model": "systemwalker service catalog manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker service quality coordinator", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "systemwalker software configuration manager", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "triole", "scope": "eq", "trust": 0.8, "vendor": "fujitsu", "version": "cloudmiddleset b set" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.8" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.7" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.3" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.16.1" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.15" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.4" }, { "model": "struts", "scope": "eq", "trust": 0.6, "vendor": "apache", "version": "2.3.14.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.14" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.12" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.11" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.10" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.9" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.8" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.7" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.6" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.5" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.2" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.3.1.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.2.3.1" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.4" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.1.3" }, { "model": "software foundation struts", "scope": "eq", "trust": 0.3, "vendor": "apache", "version": "2.0.13" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:apache:struts", "vulnerable": true }, { "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_interaction_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:interstage_studio", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:serverview", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:symfoware", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "vulnerable": true }, { "cpe22Uri": "cpe:/a:fujitsu:triole", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-000045" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "152687" }, { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.7 }, "cve": "CVE-2014-0112", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-0112", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.1, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "availabilityRequirement": "NOT DEFINED", "baseScore": 7.5, "collateralDamagePotential": "LOW", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 6.9, "exploitability": "HIGH", "exploitabilityScore": 10.0, "id": "CVE-2014-0094", "impactScore": 6.4, "integrityImpact": "PARTIAL", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "OFFICIAL FIX", "reportConfidence": "CONFIRMED", "severity": "HIGH", "targetDistribution": "HIGH", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2014-000045", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-0112", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2014-0094", "trust": 0.8, "value": "HIGH" }, { "author": "IPA", "id": "JVNDB-2014-000045", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201404-445", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2014-0112", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:\n\nA minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Description:\n\nThis release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse\n7.2, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* jackson-databind: A deserialization flaw was discovered in the\njackson-databind which could allow an unauthenticated user to perform code\nexecution by sending the maliciously crafted input to the readValue method\nof the ObjectMapper. (CVE-2017-7525)\n\n* struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)\n\n* jetty: HTTP request smuggling (CVE-2017-7657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters\n1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper\n1595620 - CVE-2017-7657 jetty: HTTP request smuggling\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis: VMware product updates address security vulnerabilities in \n Apache Struts library \nIssue date: 2014-06-24\nUpdated on: 2014-06-24 (Initial Advisory)\nCVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n VMware product updates address security vulnerabilities in Apache \n Struts library\n\n2. Relevant releases\n\n VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n a. The Apache Struts library is updated to version 2.3.16.2 to \n address multiple security issues. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2014-0050, CVE-2014-0094, and\n CVE-2014-0112 to these issues. \n\n CVE-2014-0112 may lead to remote code execution. This issue was \n found to be only partially addressed in CVE-2014-0094. \n\n CVE-2014-0050 may lead to a denial of service condition. \n\n vCenter Operations Management Suite (vCOps) is affected by both \n CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n may lead to remote code execution without authentication. \n\n vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n by CVE-2014-0112. \n\n Workaround\n\n A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n article 2081470. \n\n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is \n available. \n\n VMware Product\tRunning\tReplace with/\n Product Version\ton\tApply Patch\n ============= =======\t=======\t=================\n vCOPS\t 5.8.x \tany \tvCOPS 5.8.2\n vCOPS 5.7.x any patch pending *\n\n vCO 5.5 any patch pending\n vCO 5.1 any patch pending\n vCO 4.2 any patch pending\n\n *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n Please review the patch/release notes for your product and version \n and verify the checksum of your downloaded file. \n\n vCenter Operations Management Suite 5.8.2\n -----------------------------------------\n Downloads and Documentation:\n https://www.vmware.com/go/download-vcops\n \n5. References\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n 2014-06-24 VMSA-2014-0007\n Initial security advisory in conjunction with the release of vCenter\n Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n E-mail list for product security notifications and announcements:\n http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n This Security Advisory is posted to the following lists:\n\n security-announce at lists.vmware.com\n bugtraq at securityfocus.com\n fulldisclosure at seclists.org\n\n E-mail: security at vmware.com\n PGP key at: http://kb.vmware.com/kb/1055\n\n VMware Security Advisories\n http://www.vmware.com/security/advisories\n\n VMware Security Response Policy\n https://www.vmware.com/support/policies/security_response.html\n\n VMware Lifecycle Support Phases\n https://www.vmware.com/support/policies/lifecycle.html\n \n Twitter\n https://twitter.com/VMwareSRC\n\n Copyright 2014 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2014-0112" }, { "db": "CERT/CC", "id": "VU#719225" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "BID", "id": "67064" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" } ], "trust": 2.88 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/719225", "trust": 0.8, "type": "unknown" }, { "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142", "trust": 0.2, "type": "exploit" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-0112", "trust": 3.0 }, { "db": "JVN", "id": "JVN19294237", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2014-000045", "trust": 2.5 }, { "db": "BID", "id": "67064", "trust": 2.0 }, { "db": "PACKETSTORM", "id": "127215", "trust": 1.8 }, { "db": "SECUNIA", "id": "59500", "trust": 1.7 }, { "db": "SECUNIA", "id": "59178", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#719225", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "152687", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.1493", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201404-445", "trust": 0.6 }, { "db": "EXPLOITDB", "id": "33142", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2014-0112", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "id": "VAR-201404-0286", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.1875 }, "last_update_date": "2024-11-23T20:43:10.110000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Announcements - 2013 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation", "trust": 0.8, "url": "http://struts.apache.org/announce.html#a20140424" }, { "title": "Security Bulletins S2-020", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html" }, { "title": "Security Bulletins S2-021", "trust": 0.8, "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html" }, { "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2", "trust": 0.8, "url": "http://struts.apache.org/download.cgi#struts23162" }, { "title": "struts-1.2.9-4jpp.8.AXS3 ", "trust": 0.8, "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3678\u0026sType=\u0026sProduct=\u0026published=1" }, { "title": "Interstage Application Development Cycle Manager(ADM): Apache Struts vulnerable (CVE-2014-0094)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html" }, { "title": "CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve2014-0094-0114e.html" }, { "title": "Interstage Business Process Manager Analytics, Systemwalker Service Quality Coordinator: Vulnerability of allowing attackers to \"manipulate\" the ClassLoader (CVE-2014-0094). May 20th, 2014", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/interstage-bpma201401e.html" }, { "title": "Symfoware Server (Open Interface) : Security vulnerabilities of Struts (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html" }, { "title": "Interstage Interaction Manager: Struts1 vulnerability (CVE-2014-0094)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_im_201401.html" }, { "title": "Interstage Mobile Manager: Struts1 vulnerability (CVE-2014-0094)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_mm_201401.html" }, { "title": "FUJITSU Integrated System HA Database Ready: Struts2 vulnerabilities (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116)", "trust": 0.8, "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html" }, { "title": "1680848", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848" }, { "title": "1681190", "trust": 0.8, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190" }, { "title": "2081470", "trust": 0.8, "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=2081470" }, { "title": "NV15-001", "trust": 0.8, "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html" }, { "title": "Oracle Critical Patch Update Advisory - April 2015", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices", "trust": 0.8, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html" }, { "title": "Bug 1091939", "trust": 0.8, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "title": "Huawei-SA-20140707-01-Struts2", "trust": 0.8, "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm" }, { "title": "April 2015 Critical Patch Update Released", "trust": 0.8, "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update" }, { "title": "Alert/Advisory: Multiple Vulnerabilities in Apache Struts on Trend Micro Products", "trust": 0.8, "url": "http://esupport.trendmicro.com/solution/ja-JP/1103321.aspx" }, { "title": "VMSA-2014-0007", "trust": 0.8, "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html" }, { "title": "Red Hat: Important: Red Hat Fuse 7.3 security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190910 - Security Advisory" }, { "title": "Red Hat: CVE-2014-0112", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0112" }, { "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585" }, { "title": "strutt-cve-2014-0114", "trust": 0.1, "url": "https://github.com/anob3it/strutt-cve-2014-0114 " }, { "title": "-maven-security-versions", "trust": 0.1, "url": "https://github.com/nagauker/-maven-security-versions " }, { "title": "maven-security-versions-Travis", "trust": 0.1, "url": "https://github.com/klee94/maven-security-versions-Travis " }, { "title": "maven-security-versions", "trust": 0.1, "url": "https://github.com/victims/maven-security-versions " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/tmpgit3000/victims " }, { "title": "victims", "trust": 0.1, "url": "https://github.com/alexsh88/victims " }, { "title": "Threatpost", "trust": 0.1, "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.0 }, { "problemtype": "CWE-DesignError", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://jvn.jp/en/jp/jvn19294237/index.html" }, { "trust": 2.5, "url": "https://access.redhat.com/errata/rhsa-2019:0910" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/67064" }, { "trust": 2.3, "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html" }, { "trust": 2.3, "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html" }, { "trust": 1.7, "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939" }, { "trust": 1.7, "url": "https://cwiki.apache.org/confluence/display/ww/s2-021" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59500" }, { "trust": 1.7, "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html" }, { "trust": 1.7, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706" }, { "trust": 1.7, "url": "http://secunia.com/advisories/59178" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded" }, { "trust": 1.7, "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094" }, { "trust": 0.9, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112" }, { "trust": 0.8, "url": "http://struts.apache.org/announce.html#a20140424" }, { "trust": 0.8, "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apache-struts-vulnerability/" }, { "trust": 0.8, "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0112" }, { "trust": 0.8, "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/" }, { "trust": 0.8, "url": "http://www.kb.cert.org/vuls/id/719225" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152687/red-hat-security-advisory-2019-0910-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/80006" }, { "trust": 0.3, "url": "http://struts.apache.org/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2014-0112" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/264.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/" }, { "trust": 0.1, "url": "https://www.exploit-db.com/exploits/33142/" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7657" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html-single/release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7525" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-7657" }, { "trust": 0.1, "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.0" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050" }, { "trust": 0.1, "url": "https://twitter.com/vmwaresrc" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/lifecycle.html" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/2081470" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://www.vmware.com/security/advisories" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094" }, { "trust": 0.1, "url": "https://www.vmware.com/go/download-vcops" } ], "sources": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#719225" }, { "db": "VULMON", "id": "CVE-2014-0112" }, { "db": "BID", "id": "67064" }, { "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "db": "PACKETSTORM", "id": "152687" }, { "db": "PACKETSTORM", "id": "127215" }, { "db": "CNNVD", "id": "CNNVD-201404-445" }, { "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-04-25T00:00:00", "db": "CERT/CC", "id": "VU#719225" }, { "date": "2014-04-29T00:00:00", "db": "VULMON", "id": "CVE-2014-0112" }, { "date": "2014-04-24T00:00:00", "db": "BID", "id": "67064" }, { "date": "2014-04-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "date": "2019-04-30T16:20:15", "db": "PACKETSTORM", "id": "152687" }, { "date": "2014-06-25T21:34:12", "db": "PACKETSTORM", "id": "127215" }, { "date": "2014-04-24T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-445" }, { "date": "2014-04-29T10:37:03.670000", "db": "NVD", "id": "CVE-2014-0112" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-07-24T00:00:00", "db": "CERT/CC", "id": "VU#719225" }, { "date": "2019-08-12T00:00:00", "db": "VULMON", "id": "CVE-2014-0112" }, { "date": "2015-04-16T18:14:00", "db": "BID", "id": "67064" }, { "date": "2015-05-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-000045" }, { "date": "2019-08-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201404-445" }, { "date": "2024-11-21T02:01:23.690000", "db": "NVD", "id": "CVE-2014-0112" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache Struts2 ClassLoader allows access to class properties via request parameters", "sources": [ { "db": "CERT/CC", "id": "VU#719225" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-201404-445" } ], "trust": 0.6 } }
jvndb-2014-000045
Vulnerability from jvndb
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html", "dc:date": "2015-05-08T18:01+09:00", "dcterms:issued": "2014-04-25T15:37+09:00", "dcterms:modified": "2015-05-08T18:01+09:00", "description": "Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.\r\n\r\nNTT-CERT reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html", "sec:cpe": [ { "#text": "cpe:/a:apache:struts", "@product": "Apache Struts", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:cloud_infrastructure_management_software", "@product": "Cloud Infrastructure Management Software", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:integrated_system_ha_database_ready", "@product": "FUJITSU Integrated System HA Database Ready", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage", "@product": "Interstage", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_development_cycle_manager", "@product": "Interstage Application Development Cycle Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_interaction_manager", "@product": "Interstage Interaction Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_service_integrator", "@product": "Interstage Service Integrator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:serverview", "@product": "ServerView", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:symfoware", "@product": "Symfoware", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_service_catalog_manager", "@product": "Systemwalker Service Catalog Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator", "@product": "Systemwalker Service Quality Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_software_configuration_manager", "@product": "Systemwalker Software Configuration Manager", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:triole", "@product": "TRIOLE", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000045", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN19294237/index.html", "@id": "JVN#19294237", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094", "@id": "CVE-2014-0094", "@source": "CVE" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112", "@id": "CVE-2014-0112", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094", "@id": "CVE-2014-0094", "@source": "NVD" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112", "@id": "CVE-2014-0112", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html", "@id": "[Updated] Security Alert for Vulnerability in the \"Apache Struts2\" (CVE-2014-0094)(S2-020)", "@source": "IPA SECURITY ALERTS" }, { "#text": "http://www.kb.cert.org/vuls/id/719225", "@id": "VU#719225", "@source": "CERT-VN" }, { "#text": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/", "@id": "Ver 7.3.0.0 - What\u2019s New?", "@source": "Related document" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" } ], "title": "Apache Struts vulnerable to ClassLoader manipulation" }